diff --git a/browsers/edge/about-microsoft-edge.md b/browsers/edge/about-microsoft-edge.md
index e39d63f4e2..deef9f2c1a 100644
--- a/browsers/edge/about-microsoft-edge.md
+++ b/browsers/edge/about-microsoft-edge.md
@@ -5,6 +5,7 @@ ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
author: shortpatti
ms.prod: edge
ms.mktglfcycl: general
+ms.topic: reference
ms.sitesec: library
title: Microsoft Edge for IT Pros
ms.localizationpriority: medium
diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index 83197e6a12..e62e7d861d 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -6,6 +6,7 @@ ms.author: pashort
manager: dougkim
ms.prod: edge
ms.mktglfcycl: explore
+ms.topic: reference
ms.sitesec: library
title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium
diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md
index 3b39c63a9c..6d86a32508 100644
--- a/browsers/edge/change-history-for-microsoft-edge.md
+++ b/browsers/edge/change-history-for-microsoft-edge.md
@@ -2,6 +2,7 @@
title: Change history for Microsoft Edge (Microsoft Edge for IT Pros)
description: Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile.
ms.prod: edge
+ms.topic: reference
ms.mktglfcycl: explore
ms.sitesec: library
ms.localizationpriority: medium
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index 45a4952323..5fa2461985 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -5,6 +5,7 @@ author: shortpatti
ms.author: pashort
ms.manager: dougkim
ms.prod: browser-edge
+ms.topic: reference
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: appcompat
diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md
index da3686718d..b8b82b3882 100644
--- a/browsers/edge/group-policies/address-bar-settings-gp.md
+++ b/browsers/edge/group-policies/address-bar-settings-gp.md
@@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md
index a5bcbb0ea4..3ad76e0397 100644
--- a/browsers/edge/group-policies/adobe-settings-gp.md
+++ b/browsers/edge/group-policies/adobe-settings-gp.md
@@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md
index 2fc892d73b..d2e9d6ea91 100644
--- a/browsers/edge/group-policies/books-library-management-gp.md
+++ b/browsers/edge/group-policies/books-library-management-gp.md
@@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md
index 4cd1c73ad2..2570cc3c69 100644
--- a/browsers/edge/group-policies/browser-settings-management-gp.md
+++ b/browsers/edge/group-policies/browser-settings-management-gp.md
@@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index 4e2e437372..ca4870ac95 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -8,7 +8,7 @@ managre: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md
index 577d254742..3a7fc2dfe5 100644
--- a/browsers/edge/group-policies/extensions-management-gp.md
+++ b/browsers/edge/group-policies/extensions-management-gp.md
@@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md
index 4dcf0faf29..13c415afdf 100644
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
-ms.topic: article
+ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index a4bac9dd9a..3f22c2897d 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
+ms.topic: reference
---
# Home button
diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
index d053b89a43..9e39200fe0 100644
--- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
+++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
@@ -9,6 +9,7 @@ ms.date: 10/02/2018
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
+ms.topic: reference
---
# Interoperability and enterprise mode guidance
diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md
index 6d6ba06617..b18871a3e6 100644
--- a/browsers/edge/group-policies/new-tab-page-settings-gp.md
+++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
+ms.topic: reference
---
diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md
index eae661d455..8baa1858bb 100644
--- a/browsers/edge/group-policies/prelaunch-preload-gp.md
+++ b/browsers/edge/group-policies/prelaunch-preload-gp.md
@@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
+ms.topic: reference
---
# Prelaunch Microsoft Edge and preload tabs in the background
@@ -18,7 +19,7 @@ Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows
## Relevant group policies
- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)
-- [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
+- [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md
index 75d3d2b070..75677a0ec8 100644
--- a/browsers/edge/group-policies/search-engine-customization-gp.md
+++ b/browsers/edge/group-policies/search-engine-customization-gp.md
@@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
+ms.topic: reference
---
# Search engine customization
diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md
index 100feaa54d..cf137c8439 100644
--- a/browsers/edge/group-policies/security-privacy-management-gp.md
+++ b/browsers/edge/group-policies/security-privacy-management-gp.md
@@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
+ms.topic: reference
---
# Security and privacy
@@ -57,12 +58,12 @@ Microsoft Edge addresses these threats to help make browsing the web a safer exp
| Feature | Description |
|---|---|
-| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). |
+| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include- Certificate Reputation system: Protects users from fraudulent certificates.
- Bing Webmaster Tools (for developers): Reports fake certificates directly to Microsoft.
|
| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks.
- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). HSTS helps ensure that connections to important sites, such as to your bank, are always secured.
**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. |
| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. |
-| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. |
+| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. |
| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. |
| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. |
| **All web content runs in an app container sandbox** |Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. |
diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md
index 8aded2af76..55df08e642 100644
--- a/browsers/edge/group-policies/start-pages-gp.md
+++ b/browsers/edge/group-policies/start-pages-gp.md
@@ -9,6 +9,7 @@ ms.date: 10/02/2018
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
+ms.topic: reference
---
# Start pages
diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md
index 19670fa3e2..aac83e87ca 100644
--- a/browsers/edge/group-policies/sync-browser-settings-gp.md
+++ b/browsers/edge/group-policies/sync-browser-settings-gp.md
@@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
+ms.topic: reference
---
# Sync browser settings
diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md
index 446721b2a4..c83cd2848c 100644
--- a/browsers/edge/group-policies/telemetry-management-gp.md
+++ b/browsers/edge/group-policies/telemetry-management-gp.md
@@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
+ms.topic: reference
---
# Telemetry and data collection
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
index aa5efc657a..cdd5bb2adc 100644
--- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -1,7 +1,7 @@
---
author: shortpatti
ms.author: pashort
-ms.date: 10/26/2018
+ms.date: 11/02/2018
ms.prod: edge
ms:topic: include
---
@@ -18,9 +18,8 @@ ms:topic: include
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
-|Not configured |Blank |Blank |Users can choose what loads on the New Tab page. |
-|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from changing it. |
-|Enabled **(default)** |1 |1 |Load the default New Tab page. |
+|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from making changes. |
+|Enabled or not configured **(default)** |1 |1 |Load the default New Tab page and the users make changes. |
---
### ADMX info and settings
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
index efd553631f..a67f33444b 100644
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -21,7 +21,7 @@ ms:topic: include
|Group Policy |Description |Most restricted |
|---|---|:---:|
|Disabled or not configured
**(default)** |Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
-|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
To define a default list of favorites, do the following:
- In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
- Click **Import from another browser**, click **Export to file** and save the file.
- In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
- HTTP location: "SiteList"=http://localhost:8080/URLs.html
- Local network: "SiteList"="\network\shares\URLs.html"
- Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
| |
+|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.To define a default list of favorites, do the following:
- In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
- Click **Import from another browser**, click **Export to file** and save the file.
- In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
- HTTP location: "SiteList"=https://localhost:8080/URLs.html
- Local network: "SiteList"="\network\shares\URLs.html"
- Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
| |
---
### ADMX info and settings
diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml
index 0ba39a1c3a..9550d5d1d2 100644
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@@ -125,7 +125,7 @@ sections:
html: Minimum system requirements
Supported languages
-
+
Document change history
Compare Windows 10 Editions
diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md
index 432331677d..f989f0e5c8 100644
--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@@ -4,10 +4,11 @@ description: Answers to frequently asked questions about Microsoft Edge features
author: shortpatti
ms.author: pashort
ms.prod: edge
+ms.topic: reference
ms.mktglfcycl: general
ms.sitesec: library
ms.localizationpriority: medium
-ms.date: 10/23/2018
+ms.date: 11/05/2018
---
# Frequently Asked Questions (FAQs) for IT Pros
@@ -32,7 +33,7 @@ For more information on how Internet Explorer and Microsoft Edge can work togeth
**Q: Does Microsoft Edge work with Enterprise Mode?**
-**A:** [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. For guidance and additional resources, please visit the [Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge).
+**A:** [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps.
**Q: I have Windows 10, but I don’t seem to have Microsoft Edge. Why?**
@@ -41,7 +42,7 @@ For more information on how Internet Explorer and Microsoft Edge can work togeth
**Q: How do I get the latest Canary/Beta/Preview version of Microsoft Edge?**
-**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service.
+**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service.
**Q: How do I customize Microsoft Edge and related settings for my organization?**
@@ -49,7 +50,9 @@ For more information on how Internet Explorer and Microsoft Edge can work togeth
**Q: Is Adobe Flash supported in Microsoft Edge?**
-**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
+**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](available-policies.md#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
+
+
To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index a3d1996719..a8f34188e6 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -1,11 +1,12 @@
---
+title: Deploy Microsoft Edge kiosk mode
description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
ms.assetid:
author: shortpatti
ms.author: pashort
ms.prod: edge
ms.sitesec: library
-title: Deploy Microsoft Edge kiosk mode
+ms.topic: get-started-article
ms.localizationpriority: medium
ms.date: 10/29/2018
---
diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
index 9c8dea176e..a056b0a737 100644
--- a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
@@ -1,9 +1,9 @@
---
author: shortpatti
ms.author: pashort
-ms.date: 10/02/2018
+ms.date: 11/02/2018
ms.prod: edge
ms:topic: include
---
-By default, Microsoft Edge loads the default New Tab page. Disabling this policy loads a blank page instead of the New Tab page and prevents users from changing it. Not configuring this policy lets users choose what loads on the New Tab page.
\ No newline at end of file
+By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
\ No newline at end of file
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index f6061375ab..6ebdd65d65 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.
Administrators can only see comments while they’re in this tool.
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index eafa1921a5..4c6531c174 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.
Administrators can only see comments while they’re in this tool.
diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
index e678fe972c..4dfb16435c 100644
--- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
@@ -50,7 +50,7 @@ Employees assigned to the Requester role can create a change request. A change r
- **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
- - **App location (URL).** The full URL location to the app, starting with http:// or https://.
+ - **App location (URL).** The full URL location to the app, starting with https:// or https://.
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
index 88711fd787..52ada71083 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
@@ -28,7 +28,7 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both http://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both https://contoso.com and https://contoso.com.
``` xml
@@ -135,7 +135,7 @@ This table includes the elements used by the Enterprise Mode schema.
<path exclude="true">/products</path>
</domain>
</emie>
-Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.
+Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
Internet Explorer 11 and Microsoft Edge |
@@ -167,7 +167,7 @@ This table includes the attributes used by the Enterprise Mode schema.
<path exclude="true">/products</path>
</domain>
</emie>
-Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.
+Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
Internet Explorer 11 and Microsoft Edge |
@@ -203,7 +203,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
+- Don’t use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing.
- Don’t use wildcards.
- Don’t use query strings, ampersands break parsing.
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
index df6a01cb68..ebc229a1db 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
@@ -38,7 +38,7 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
The following is an example of the v.2 version of the Enterprise Mode schema.
**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both http://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com.
``` xml
@@ -198,7 +198,7 @@ The <url> attribute, as part of the <site> element in the v.2 versio
<site url="contoso.com/travel">
<open-in allow-redirect="true">IE11</open-in>
</site>
-In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
+In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
Internet Explorer 11 and Microsoft Edge |
@@ -210,14 +210,14 @@ In this example, if http://contoso.com/travel is encountered in a redirect chain
| url |
Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
Note
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.
Example
<site url="contoso.com:8080">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
-In this example, going to http://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. |
+In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.
Internet Explorer 11 and Microsoft Edge |
@@ -286,7 +286,7 @@ Saving your v.1 version of the file using the new Enterprise Mode Site List Mana
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-- Don’t use protocols. For example, http://, https://, or custom protocols. They break parsing.
+- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing.
- Don’t use wildcards.
- Don’t use query strings, ampersands break parsing.
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
index bfb9659bd0..b67d27b563 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
@@ -111,7 +111,7 @@ The required packages are automatically downloaded and included in the solution.
1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
- ``` "Enable"="http:///api/records/"
+ ``` "Enable"="https:///api/records/"
```
Where `` points to your deployment URL.
@@ -125,7 +125,7 @@ The required packages are automatically downloaded and included in the solution.
**To view the report results**
-- Go to `http:///List` to see the report results.
+- Go to `https:///List` to see the report results.
If you’re already on the webpage, you’ll need to refresh the page to see the results.
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
index 0aca62e070..fe5fe752fc 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
@@ -176,7 +176,7 @@ Using the IIS Manager, you must restart both your Application Pool and your webs
After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
**To register as an administrator**
-1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085.
+1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
2. Click **Register now**.
@@ -184,7 +184,7 @@ After you've created your database and website, you'll need to register yourself
4. Click **Administrator** from the **Role** box, and then click **Save**.
-5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole.
+5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
diff --git a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
index e4e3d83ec8..1a704aa67e 100644
--- a/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -33,7 +33,7 @@ All of your managed devices must have access to this location if you want them t
- **Local file:** `"SiteList"="file:///c:\\Users\\\\Documents\\testList.xml"`
> **Example:**
- >> _Web URL_ http://localhost:8080/EnterpriseMode.xml
+ >> _Web URL_ https://localhost:8080/EnterpriseMode.xml
>>
>> _Network Share_ \\NetworkShare.xml (Place this inside the group policy folder on Sysvol)
>>
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
index 0f5ff8d1f9..5781fe3fc0 100644
--- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -46,9 +46,9 @@ Besides turning on this feature, you also have the option to provide a URL for E
Your **Value data** location can be any of the following types:
-- **URL location (like, http://www.emieposturl.com/api/records or http://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.**Important**
-The `http://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
-- **Local network location (like, http://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
+- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
**Important**
+The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
+- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index decdc115fa..2eab3c28fd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.
Administrators can only see comments while they’re in this tool.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index bdfc8633a7..df209b5a60 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.
Administrators can only see comments while they’re in this tool.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index a1ba907f17..9e485e54d8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -52,7 +52,7 @@ After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your
- **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
**Important**
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`.
+ - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
**Important**
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index 180e1100b9..8d6510713e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -40,7 +40,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.
**No
3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
-4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `http://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
+4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index 99f85f37b8..a0e95c8fac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -30,7 +30,7 @@ You can use your Internet settings (.ins) files to set up your standard proxy se
- **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md).
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.**Important**
IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`.
+ - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.
**Important**
IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
## Locking your auto-proxy settings
You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
index 0c04501602..145c439f02 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@@ -50,7 +50,7 @@ Employees assigned to the Requester role can create a change request. A change r
- **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
- - **App location (URL).** The full URL location to the app, starting with http:// or https://.
+ - **App location (URL).** The full URL location to the app, starting with https:// or https://.
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index c89dd26fab..ef14f9f67f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -41,7 +41,7 @@ Deploying pinned websites in MDT 2013 is a 4-step process:
Pinned websites are immediately available to every user who logs on to the computer although the user must click each icon to populate its Jump List.
**Important**
-To follow the examples in this topic, you’ll need to pin the Bing (http://www.bing.com/) and MSN (http://www.msn.com/) websites to the taskbar.
+To follow the examples in this topic, you’ll need to pin the Bing (https://www.bing.com/) and MSN (https://www.msn.com/) websites to the taskbar.
### Step 1: Creating .website files
The first step is to create a .website file for each website that you want to pin to the Windows 8.1 taskbar during deployment. A .website file is like a shortcut, except it’s a plain text file that describes not only the website’s URL but also how the icon looks.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 87de33e7d8..307614576b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -28,7 +28,7 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both http://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both https://contoso.com and https://contoso.com.
``` xml
@@ -135,7 +135,7 @@ This table includes the elements used by the Enterprise Mode schema.
<path exclude="false">/products</path>
</domain>
</emie>
-Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.
+Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
Internet Explorer 11 and Microsoft Edge |
@@ -167,7 +167,7 @@ This table includes the attributes used by the Enterprise Mode schema.
<path exclude="true">/products</path>
</domain>
</emie>
-Where http://fabrikam.com uses IE8 Enterprise Mode, but http://fabrikam.com/products does not.
+Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not.
Internet Explorer 11 and Microsoft Edge |
@@ -203,7 +203,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
+- Don’t use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing.
- Don’t use wildcards.
- Don’t use query strings, ampersands break parsing.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 354fe81545..d9689c000a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -38,7 +38,7 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
The following is an example of the v.2 version of the Enterprise Mode schema.
**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both http://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com.
``` xml
@@ -198,7 +198,7 @@ The <url> attribute, as part of the <site> element in the v.2 versio
<site url="contoso.com/travel">
<open-in allow-redirect="true">IE11</open-in>
</site>
-In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
+In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
Internet Explorer 11 and Microsoft Edge |
@@ -210,14 +210,14 @@ In this example, if http://contoso.com/travel is encountered in a redirect chain
| url |
Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
Note
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.
Example
<site url="contoso.com:8080">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
-In this example, going to http://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode. |
+In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.
Internet Explorer 11 and Microsoft Edge |
@@ -286,7 +286,7 @@ Saving your v.1 version of the file using the new Enterprise Mode Site List Mana
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-- Don’t use protocols. For example, http://, https://, or custom protocols. They break parsing.
+- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing.
- Don’t use wildcards.
- Don’t use query strings, ampersands break parsing.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 7a95011950..37916eff52 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -16,7 +16,7 @@ Windows Server Update Services (WSUS) lets you download a single copy of the Mic
**To import from Windows Update to WSUS**
-1. Open your WSUS admin site. For example, `http:///WSUSAdmin/`.
+1. Open your WSUS admin site. For example, `https:///WSUSAdmin/`.
Where `` is the name of your WSUS server.
2. Choose the top server node or the **Updates** node, and then click **Import Updates**.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
index 5be58eea07..1dcf781581 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
@@ -21,7 +21,7 @@ IE11 works differently with search, based on whether your organization is domain
- **Non-domain-joined computers.** A single word entry is treated as an intranet site. However, if the term doesn't resolve to a site, IE11 then treats the entry as a search term and opens your default search provider.
-To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `http://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
+To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
**To enable single-word intranet search**
@@ -29,7 +29,7 @@ To explicitly go to an intranet site, regardless of the environment, users can t
2. Click **Advanced**, check the **Go to an intranet site for a single word entry in the Address bar** box, and then click **OK**.
-If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `http://contoso`.
+If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `https://contoso`.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index 66a5d8b70b..a834636814 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -115,7 +115,7 @@ Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone an
|--------|--------------|-------------|----------|
|Turn on ActiveX control logging in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE saves log information for ActiveX controls.If you enable this setting, IE logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file.
If you disable or don't configure this setting, IE won't log ActiveX control information.
Note that you can turn this setting on or off regardless of the **Turn off blocking of outdated ActiveX controls for IE** or **Turn off blocking of outdated ActiveX controls for IE on specific domains** settings. |
|Remove the **Run this time** button for outdated ActiveX controls in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`|Internet Explorer 8 through IE11 |This setting allows you stop users from seeing the **Run this time** button and from running specific outdated ActiveX controls in IE.
If you enable this setting, users won't see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control.
If you disable or don't configure this setting, users will see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. |
-|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:
- **"domainname.TLD".** For example, if you want to include `*.contoso.com/*`, use "contoso.com".
- **"hostname".** For example, if you want to include `http://example`, use "example".
- **"file:///path/filename.htm"**. For example, use `file:///C:/Users/contoso/Desktop/index.htm`.
If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. |
+|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:
- **"domainname.TLD".** For example, if you want to include `*.contoso.com/*`, use "contoso.com".
- **"hostname".** For example, if you want to include `https://example`, use "example".
- **"file:///path/filename.htm"**. For example, use `file:///C:/Users/contoso/Desktop/index.htm`.
If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. |
|Turn off blocking of outdated ActiveX controls for IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
If you enable this setting, IE stops blocking outdated ActiveX controls.
If you disable or don't configure this setting, IE continues to block specific outdated ActiveX controls. |
|Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |This functionality is only available through the registry |Internet Explorer 8 through IE11 |This setting determines whether the out-of-date ActiveX control blocking notification shows the **Update** button. This button points users to update specific out-of-date ActiveX controls in IE. |
@@ -145,8 +145,8 @@ Here’s a detailed example and description of what’s included in the VersionA
|Source URI |File path |Product version |File version |Allowed/Blocked |Reason |EPM-compatible |
|-----------|----------|----------------|-------------|----------------|-------|---------------|
-|`http://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible |
-|`http://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible |
+|`https://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible |
+|`https://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible |
**Where:**
- **Source URI.** The URL of the page that loaded the ActiveX control.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index 8653264774..a72a457d0a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -111,7 +111,7 @@ The required packages are automatically downloaded and included in the solution.
1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
- ``` "Enable"="http:///api/records/"
+ ``` "Enable"="https:///api/records/"
```
Where `` points to your deployment URL.
@@ -125,7 +125,7 @@ The required packages are automatically downloaded and included in the solution.
**To view the report results**
-- Go to `http:///List` to see the report results.
+- Go to `https:///List` to see the report results.
If you’re already on the webpage, you’ll need to refresh the page to see the results.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index bb8a401b5c..47c4caf92b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -176,7 +176,7 @@ Using the IIS Manager, you must restart both your Application Pool and your webs
After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
**To register as an administrator**
-1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085.
+1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
2. Click **Register now**.
@@ -184,7 +184,7 @@ After you've created your database and website, you'll need to register yourself
4. Click **Administrator** from the **Role** box, and then click **Save**.
-5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole.
+5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index ea5b7d450b..ea9a56a081 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -46,9 +46,9 @@ Besides turning on this feature, you also have the option to provide a URL for E
Your **Value data** location can be any of the following types:
-- **URL location (like, http://www.emieposturl.com/api/records or http://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
**Important**
-The `http://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
-- **Local network location (like, http://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
+- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
**Important**
+The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
+- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
index b31c220601..440d2c7fc1 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
@@ -42,7 +42,7 @@ You can use the Domain Name System (DNS) and the Dynamic Host Configuration Prot
- Type the location to your automatic proxy script file.
**Note**
- If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `http://share/test.ins`.
+ If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `https://share/test.ins`.
3. Click **Next** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page or **Back** to go to the [Connection Settings](connection-settings-ieak11-wizard.md) page.
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
index 0752aaac38..b14d4aa1ce 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
@@ -36,9 +36,9 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide
- Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
**Examples:**
- `http://www.microsoft.com/webproxy.pac`
- `http://marketing/config.ins`
- `http://123.4.567.8/account.pac`
+ `https://www.microsoft.com/webproxy.pac`
+ `https://marketing/config.ins`
+ `https://123.4.567.8/account.pac`
For more detailed info about how to set up your DHCP server, see your server documentation.
**To set up automatic detection for DNS servers**
@@ -55,5 +55,5 @@ Create a canonical name (CNAME) alias record, named **WPAD**. This record lets y
2. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
**Note**
-IE11 creates a default URL template based on the host name,**wpad**. For example, `http://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
+IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
index 9d4d9f6b4f..f404bf78cf 100644
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
@@ -16,5 +16,5 @@ Provide the URL to your branding cabinet (.cab) file.
|Name |Value | Description |
|-----------|--------------------------------|--------------------------------------------------------------|
-|Branding |`` |The location of your branding cabinet (.cab) file. For example, http://www.<your_server>.net/cabs/branding.cab.|
+|Branding |`` |The location of your branding cabinet (.cab) file. For example, https://www.<your_server>.net/cabs/branding.cab.|
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index a4bbac4b2e..fde8b84b67 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -21,7 +21,7 @@ You can customize Automatic Search so that your employees can type a single word
**To set up Automatic Search**
-1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: http://ieautosearch/response.asp?MT=%1&srch=%2.
+1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.
For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).
**Important**
If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location.
@@ -72,18 +72,18 @@ searchOption = Request.QueryString("srch")
' about filling out an expense report
if (search = "NEW HIRE") then
-Response.Redirect("http://admin/hr/newhireforms.htm")
+Response.Redirect("https://admin/hr/newhireforms.htm")
elseif (search = "LIBRARY CATALOG") then
-Response.Redirect("http://library/catalog")
+Response.Redirect("https://library/catalog")
elseif (search = "EXPENSE REPORT") then
-Response.Redirect("http://expense")
+Response.Redirect("https://expense")
elseif (search = "LUNCH MENU") then
-Response.Redirect("http://cafe/menu/")
+Response.Redirect("https://cafe/menu/")
else
' If there is not a match, use the
' default IE autosearch server
-Response.Redirect("http://auto.search.msn.com/response.asp?MT="
+Response.Redirect("https://auto.search.msn.com/response.asp?MT="
+ search + "&srch=" + searchOption +
"&prov=&utf8")
end if
diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
index 60b082565b..604489d8fc 100644
--- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
@@ -17,7 +17,7 @@ The **Important URLS – Home Page and Support** page of the Internet Explorer C
**To use the Important URLS – Home Page and Support page**
1. In the **Add a homepage URL** box, type the URL to the page your employees go to when they click the **Home** button, and then click **Add**.
-If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you don’t add a custom **Home** page, IE uses http://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**.
+If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you don’t add a custom **Home** page, IE uses https://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**.
2. Check the **Retain previous Home Page (Upgrade)** box if you have employees with previous versions of IE, who need to keep their **Home** page settings when the browser is updated.
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
index 9a57aef1fa..5e04f4e473 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
@@ -127,7 +127,7 @@ In this example, the proxy server is selected by translating the host name into
``` javascript
function FindProxyForURL(url, host)
{
- if (dnsResolve(host) == "999.99.99.999") { // = http://secproxy
+ if (dnsResolve(host) == "999.99.99.999") { // = https://secproxy
return "PROXY secproxy:8080";
}
else {
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
index c29f790845..22252bf546 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
@@ -21,7 +21,7 @@ Using a proxy server lets you limit access to the Internet. You can also use the
1. Check the **Enable proxy settings** box if you want to use proxy servers for any of your services.
2. Type the address of the proxy server you want to use for your services into the **Address of proxy** box. In most cases, a single proxy server is used for all of your services.
-Proxy locations that don’t begin with a protocol (like, http:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `http://proxy`.
+Proxy locations that don’t begin with a protocol (like, https:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `https://proxy`.
3. Type the port for each service. The default value is *80*.
@@ -30,7 +30,7 @@ Proxy locations that don’t begin with a protocol (like, http:// or ftp://) are
5. Type any services that shouldn’t use a proxy server into the **Do not use proxy server for addresses beginning with** box.
When filling out your exceptions, keep in mind:
- - Proxy bypass entries can begin with a protocol type, such as http://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol.
+ - Proxy bypass entries can begin with a protocol type, such as https://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol.
- Protocol values are not case sensitive and you can use a wildcard character (*) in place of zero or more characters.
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
index 0e48aa99c7..3633d298c1 100644
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
@@ -25,7 +25,7 @@ The **Search Provider** box appears.
3. In the **Display Name** box, type the text that appears in the **Search Options** menu for the search provider.
-4. In the **URL** box, type the full URL to the search provider, including the http:// prefix.
+4. In the **URL** box, type the full URL to the search provider, including the https:// prefix.
5. In the **Favicon URL** box, type the full URL to any icon to associate with your provider.
diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
index 2526c4f33b..8f9826a8b5 100644
--- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
@@ -57,7 +57,7 @@ Internet Explorer Setup can switch servers during the installation process to ma
To address connection issues (for example, as a result of server problems) where Setup can’t locate another download site by default, we recommend you overwrite your first download server using this workaround:
``` syntax
-\ie11setup.exe /C:"ie11wzd.exe /S:""\ie11setup.exe"" /L:""http://your_Web_server/your_Web_site/ie11sites.dat"""
+\ie11setup.exe /C:"ie11wzd.exe /S:""\ie11setup.exe"" /L:""https://your_Web_server/your_Web_site/ie11sites.dat"""
```
Where `` represents the folder location where you stored IE11setup.exe.
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index bec5bec56b..5e6c740970 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -11,4 +11,5 @@
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
+## [How HoloLens stores data for spaces](hololens-spaces.md)
## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
\ No newline at end of file
diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md
index 0b9f30c11d..8f2862fc81 100644
--- a/devices/hololens/change-history-hololens.md
+++ b/devices/hololens/change-history-hololens.md
@@ -9,13 +9,20 @@ author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.localizationpriority: medium
-ms.date: 10/23/2018
+ms.date: 11/05/2018
---
# Change history for Microsoft HoloLens documentation
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
+## November 2018
+
+New or changed topic | Description
+--- | ---
+[How HoloLens stores data for spaces](hololens-spaces.md) | New
+
+
## October 2018
New or changed topic | Description
@@ -25,6 +32,7 @@ New or changed topic | Description
[Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) | Removed, and redirected to [Overview of Dynamics 365 Layout](https://docs.microsoft.com/dynamics365/mixed-reality/layout/)
[Insider preview for Microsoft HoloLens](hololens-insider.md) | Added instructions for opting out of Insider builds.
+
## July 2018
New or changed topic | Description
diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md
index 5e1218f90c..8f05c5e15c 100644
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@@ -145,7 +145,8 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
-
+8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
+8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
8. On the **File** menu, select **Save.**
9. On the **Export** menu, select **Provisioning package**.
10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md
new file mode 100644
index 0000000000..19307fdfb6
--- /dev/null
+++ b/devices/hololens/hololens-spaces.md
@@ -0,0 +1,69 @@
+---
+title: How HoloLens stores data for spaces (HoloLens)
+description:
+ms.prod: hololens
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 11/05/2018
+---
+
+# How HoloLens stores data for spaces
+
+In the Windows 10, version 1803 update for Microsoft HoloLens, the mapping data for [spaces](https://support.microsoft.com/help/13760/hololens-spaces-on-hololens) is stored in a local database.
+
+The map database is not exposed to a user of the device, even when plugged into a PC or when using the File Explorer app. When BitLocker is enabled, the stored map data is also encrypted with the entire volume.
+
+Holograms that are anchored within the same map section are considered to be “nearby” in the current space.
+
+
+## Frequently asked questions
+
+**How can I remove map data and known spaces from the HoloLens?**
+
+There are two options for deleting map data in **Settings > System > Holograms**:
+
+- Select **Remove nearby holograms** to delete nearby holograms, clearing the map data and anchored holograms for the current space. A brand new map section would be created and stored in the database for that location while the device is used there. This option can be used to clear the map data for work without affecting any map data from home, for example.
+- Select **Remove all holograms** to delete all holograms, clearing all locally stored map data and anchored holograms. No holograms will be rediscovered and any holograms need to be newly placed.
+
+>[!NOTE]
+>When you remove nearby or all holograms, HoloLens immediately starts scanning and mapping the current space.
+
+**How does Wi-Fi data get used by HoloLens and where is the data stored?**
+
+As long as Wi-Fi is enabled, map data will be correlated with nearby Wi-Fi access points. There is no difference in behavior if a network is connected or just nearby. Network characteristics are not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens.
+
+Wi-Fi characteristics are stored locally to help correlate hologram locations and map sections stored within HoloLens’ database of known spaces. It’s inaccessible to users, and not sent to Microsoft via the cloud or via telemetry.
+
+
+
+**Does HoloLens need to be connected to the internet?**
+
+No, internet connectivity is not required. Observed Wi-Fi access points are obtained without being connected or authenticated. It does not change functionality if the access points are internet connected or intranet/local only.
+
+
+
+
+
+**Since HoloLens no longer requires you to select a space when Wi-Fi is disabled, how does it find the space automatically?**
+
+If Wi-Fi is disabled, the space search can still happen; HoloLens will need to search more of the map data within the spaces database, and finding holograms can take longer.
+
+HoloLens will sense and remember spaces even when Wi-Fi is disabled, by securely storing the sensor data when holograms are placed. Without the Wi-Fi info, the space and holograms may be slower to recognize at a later time, as the HoloLens needs to compare active scans to all hologram anchors and map sections stored on the device in order to locate the correct portion of the map.
+
+HoloLens will visually compare the current scanning data from the sensors to locally stored map sections in the entire spaces database. It will locate holograms faster if the Wi-Fi characteristics can be found, to narrow down the number of spaces to compare.
+
+
+
+
+
+
+
+
+## Related topics
+
+- [Environment considerations for HoloLens](https://docs.microsoft.com/windows/mixed-reality/environment-considerations-for-hololens)
+- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design)
+- [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq)
diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md
index 2574c2cbf6..6fcee63f5d 100644
--- a/devices/surface-hub/first-run-program-surface-hub.md
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -396,7 +396,7 @@ Once the device has been domain joined, you must specify a security group from t
The following input is required:
- **Domain:** This is the fully qualified domain name (FQDN) of the domain that you want to join. A security group from this domain can be used to manage the device.
-- **User name:** The user name of an account that has sufficient permission to join the specified domain. This account must be a computer object.
+- **User name:** The user name of an account that has sufficient permission to join the specified domain.
- **Password:** The password for the account.
After the credentials are verified, you will be asked to type a security group name. This input is required.
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
index babce30d59..cae7e9639e 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
@@ -80,7 +80,7 @@ If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 o
6. You now need to change the room mailbox to a linked mailbox:
```PowerShell
- $cred=Get-Credential AuthForest\LinkedRoomTest1
+ $cred=Get-Credential AuthForest\ADAdmin
Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1
```
diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md
index 5142ecf01f..143ee0777c 100644
--- a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md
+++ b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md
@@ -1,13 +1,14 @@
---
title: How to Deploy the App-V Client
description: How to Deploy the App-V Client
+ms.author: pashort
author: jamiejdt
ms.assetid: 9c4e67ae-ddaf-4e23-8c16-72d029a74a27
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 11/01/2016
+ms.date: 11/05/2018
---
@@ -18,341 +19,137 @@ Use the following procedure to install the Microsoft Application Virtualization
**What to do before you start**
-1. Review and install the software prerequisites:
+1. Review and install the software prerequisites:
- Install the prerequisite software that corresponds to the version of App-V that you are installing:
+ Install the prerequisite software that corresponds to the version of App-V that you are installing:
- - [About App-V 5.0 SP3](about-app-v-50-sp3.md)
+ - [About App-V 5.0 SP3](about-app-v-50-sp3.md)
- - App-V 5.0 SP1 and App-V 5.0 SP2 – no new prerequisites in these versions
+ - App-V 5.0 SP1 and App-V 5.0 SP2 – no new prerequisites in these versions
- - [App-V 5.0 Prerequisites](app-v-50-prerequisites.md)
+ - [App-V 5.0 Prerequisites](app-v-50-prerequisites.md)
-2. Review the client coexistence and unsupported scenarios, as applicable to your installation:
+2. Review the client coexistence and unsupported scenarios, as applicable to your installation:
-
-
-
-
-
-
-
- Deploying coexisting App-V clients |
- [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) |
-
-
- Unsupported or limited installation scenarios |
- See the client section in [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) |
-
-
-
+ | | |
+ |---|---|
+ |Deploying coexisting App-V clients |[Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) |
+ |Unsupported or limited installation scenarios |[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) |
+ ---
+
+3. Review the locations for client registry, log, and troubleshooting information:
-
-
-3. Review the locations for client registry, log, and troubleshooting information:
-
-
-
-
-
-
-
-
-Client registry information |
-
-By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:
-HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:
-C: \ ProgramData \ App-V
-However, you can reconfigure this location with the following registry key:
-HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT \ STREAMING \ PACKAGEINSTALLATIONROOT |
-
-
-Client log files |
-
-For log file information that is associated with the App-V 5.0 Client, search in the following log:
-Event logs / Applications and Services Logs / Microsoft / AppV In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:
-Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog
-For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:
-C:\ProgramData\App-V\<package id>\<version id> |
-
-
-Client installation troubleshooting information |
-See the error log in the %temp% folder. To review the log files, click Start, type %temp%, and then look for the appv_ log. |
-
-
-
-
-
+ | | |
+ |---|---|
+ |Client registry information |- By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\APPV\CLIENT
- When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:
C:\ProgramData\App-V
However, you can reconfigure this location with the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SOFTWARE\MICROSOFT\APPV\CLIENT\STREAMING\PACKAGEINSTALLATIONROOT
|
+ |Client log files |- For log file information that is associated with the App-V 5.0 Client, search in the following log:
Event logs/Applications and Services Logs/Microsoft/AppV
- In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:
Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog
For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).
- Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:
C:\ProgramData\App-V\<_package id_>\<_version id_>
|
+ |Client installation troubleshooting information |See the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv_ log**. |
+ ---
+
**To install the App-V 5.0 Client**
-1. Copy the App-V 5.0 client installation file to the computer on which it will be installed. Choose from the following client types:
+1. Copy the App-V 5.0 client installation file to the computer on which it will be installed.Choose from the following client types:
-
-
-
-
-
-
-
-
-
-
- Standard version of the client |
- appv_client_setup.exe |
-
-
- Remote Desktop Services version of the client |
- appv_client_setup_rds.exe |
-
-
-
+ |Client type |File to use |
+ |---|---|
+ |Standard version of the client |**appv_client_setup.exe** |
+ |Remote Desktop Services version of the client |**appv_client_setup_rds.exe** |
+ ---
-
+2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md).
-2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md).
+3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**.
-3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**.
+4. On the **Setup completed successfully** page, click **Close**.
-4. On the **Setup completed successfully** page, click **Close**.
+ The installation creates the following entries for the App-V client in **Programs**:
- The installation creates the following entries for the App-V client in **Programs**:
+ - **.exe**
- - **.exe**
+ - **.msi**
- - **.msi**
+ - **language pack**
+
+ >[!NOTE]
+ >After the installation, only the .exe file can be uninstalled.
- - **language pack**
-
- **Note**
- After the installation, only the .exe file can be uninstalled.
-
-
**To install the App-V 5.0 client using a script**
-1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing.
+1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing.
-2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**.
+2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**.
- **Note**
- The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter.
+ >[!NOTE]
+ >The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter.
-
-
-
-
-
-
-
-
-
- /INSTALLDIR |
- Specifies the installation directory. Example usage: /INSTALLDIR=C:\Program Files\AppV Client |
-
-
- /CEIPOPTIN |
- Enables participation in the Customer Experience Improvement Program. Example usage: /CEIPOPTIN=[0|1] |
-
-
- /MUOPTIN |
- Enables Microsoft Update. Example usage: /MUOPTIN=[0|1] |
-
-
- /PACKAGEINSTALLATIONROOT |
- Specifies the directory in which to install all new applications and updates. Example usage: /PACKAGEINSTALLATIONROOT='C:\App-V Packages' |
-
-
- /PACKAGESOURCEROOT |
- Overrides the source location for downloading package content. Example usage: /PACKAGESOURCEROOT='http://packageStore' |
-
-
- /AUTOLOAD |
- Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0].Example usage: /AUTOLOAD=[0|1|2] |
-
-
- /SHAREDCONTENTSTOREMODE |
- Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: /SHAREDCONTENTSTOREMODE=[0|1] |
-
-
- /MIGRATIONMODE |
- Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage: /MIGRATIONMODE=[0|1] |
-
-
- /ENABLEPACKAGESCRIPTS |
- Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage: /ENABLEPACKAGESCRIPTS=[0|1] |
-
-
- /ROAMINGREGISTRYEXCLUSIONS |
- Specifies the registry paths that will not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients |
-
-
- /ROAMINGFILEEXCLUSIONS |
- Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS 'desktop;my pictures' |
-
-
- /S[1-5]PUBLISHINGSERVERNAME |
- Displays the name of the publishing server. Example usage: /S2PUBLISHINGSERVERNAME=MyPublishingServer |
-
-
- /S[1-5]PUBLISHINGSERVERURL |
- Displays the URL of the publishing server. Example usage: /S2PUBLISHINGSERVERURL=\\pubserver |
-
-
- /S[1-5]GLOBALREFRESHENABLED - |
- Enables a global publishing refresh. Example usage: /S2GLOBALREFRESHENABLED=[0|1] |
-
-
- /S[1-5]GLOBALREFRESHONLOGON |
- Initiates a global publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1] |
-
-
- /S[1-5]GLOBALREFRESHINTERVAL - |
- Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744] |
-
-
- /S[1-5]GLOBALREFRESHINTERVALUNIT |
- Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2GLOBALREFRESHINTERVALUNIT=[0|1] |
-
-
- /S[1-5]USERREFRESHENABLED |
- Enables user publishing refresh. Example usage: /S2USERREFRESHENABLED=[0|1] |
-
-
- /S[1-5]USERREFRESHONLOGON |
- Initiates a user publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1] |
-
-
- /S[1-5]USERREFRESHINTERVAL - |
- Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744] |
-
-
- /S[1-5]USERREFRESHINTERVALUNIT |
- Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2USERREFRESHINTERVALUNIT=[0|1] |
-
-
- /Log |
- Specifies a location where the log information is saved. The default location is %Temp%. Example usage: /log C:\logs\log.log |
-
-
- /q |
- Specifies an unattended installation. |
-
-
- /REPAIR |
- Repairs a previous client installation. |
-
-
- /NORESTART |
- Prevents the computer from rebooting after the client installation.
- The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. |
-
-
- /UNINSTALL |
- Uninstalls the client. |
-
-
- /ACCEPTEULA |
- Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1. |
-
-
- /LAYOUT |
- Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. |
-
-
- /LAYOUTDIR |
- Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”. |
-
-
- /?, /h, /help |
- Requests help about the previous installation parameters. |
-
-
-
-
-
+ | | |
+ |---|---|
+ |/INSTALLDIR |Specifies the installation directory. Example usage:**/INSTALLDIR=C:\Program Files\AppV Client** |
+ |/CEIPOPTIN |Enables participation in the Customer Experience Improvement Program. Example usage:
**/CEIPOPTIN=[0\|1\]** |
+ |/MUOPTIN |Enables Microsoft Update. Example usage:
**/MUOPTIN=[0\|1\]** |
+ |/PACKAGEINSTALLATIONROOT |Specifies the directory in which to install all new applications and updates. Example usage:
**/PACKAGEINSTALLATIONROOT='C:\App-V Packages'** |
+ |/PACKAGESOURCEROOT |Overrides the source location for downloading package content. Example usage:
**/PACKAGESOURCEROOT='http://packageStore'** |
+ |/AUTOLOAD |Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0]. Example usage:
**/AUTOLOAD=[0\|1\|2\]** |
+ |/SHAREDCONTENTSTOREMODE |Specifies that streamed package contents will be not be saved to the local hard disk. Example usage:
**/SHAREDCONTENTSTOREMODE=[0\|1\]** |
+ |/MIGRATIONMODE |Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage:
**/MIGRATIONMODE=[0\|1\]** |
+ |/ENABLEPACKAGESCRIPTS |Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage:
**/ENABLEPACKAGESCRIPTS=[0\|1\]** |
+ |/ROAMINGREGISTRYEXCLUSIONS |Specifies the registry paths that will not roam with a user profile. Example usage:
**/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients** |
+ |/ROAMINGFILEEXCLUSIONS |Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:
**/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'** |
+ |/S[1-5]PUBLISHINGSERVERNAME |Displays the name of the publishing server. Example usage:
**/S2PUBLISHINGSERVERNAME=MyPublishingServer** |
+ |/S[1-5]PUBLISHINGSERVERURL |Displays the URL of the publishing server. Example usage:
**/S2PUBLISHINGSERVERURL=\\pubserver** |
+ |/S[1-5]GLOBALREFRESHENABLED|Enables a global publishing refresh. Example usage:
**/S2GLOBALREFRESHENABLED=[0\|1\]** |
+ |/S[1-5]GLOBALREFRESHONLOGON |Initiates a global publishing refresh when a user logs on. Example usage:
**/S2LOGONREFRESH=[0\|1\]** |
+ |/S[1-5]GLOBALREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** |
+ |/S[1-5]GLOBALREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:
**/S2GLOBALREFRESHINTERVALUNIT=[0\|1\]** |
+ |/S[1-5]USERREFRESHENABLED |Enables user publishing refresh. Example usage: **/S2USERREFRESHENABLED=[0\|1\]** |
+ |/S[1-5]USERREFRESHONLOGON |Initiates a user publishing refresh when a user logs on. Example usage:
**/S2LOGONREFRESH=[0\|1\]** |
+ |/S[1-5]USERREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** |
+ |/S[1-5]USERREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:
**/S2USERREFRESHINTERVALUNIT=[0\|1\]** |
+ |/Log |Specifies a location where the log information is saved. The default location is %Temp%. Example usage:
**/log C:\logs\log.log** |
+ |/q |Specifies an unattended installation. |
+ |/REPAIR |Repairs a previous client installation. |
+ |/NORESTART |Prevents the computer from rebooting after the client installation.
The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. |
+ |/UNINSTALL |Uninstalls the client. |
+ |/ACCEPTEULA |Accepts the license agreement. This is required for an unattended installation. Example usage:
**/ACCEPTEULA** or **/ACCEPTEULA=1** |
+ |/LAYOUT |Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. |
+ |/LAYOUTDIR |Specifies the layout directory. Requires a string value. Example usage:
**/LAYOUTDIR=”C:\Application Virtualization Client”** |
+ |/?, /h, /help |Requests help about the previous installation parameters. |
+ ---
**To install the App-V 5.0 client by using the Windows Installer (.msi) file**
-1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail.
+1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail.
-2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart.
+2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart.
-3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer.
+3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer.
-
-
-
-
-
-
-
-
-
-
- Computer is running a 32-bit Microsoft Windows operating system |
- appv_client_MSI_x86.msi |
-
-
- Computer is running a 64-bit Microsoft Windows operating system |
- appv_client_MSI_x64.msi |
-
-
- You are deploying the App-V 5.0 Remote Desktop Services client |
- appv_client_rds_MSI_x64.msi |
-
-
-
+ |Type of deployment |Deploy this file |
+ |---|---|
+ |Computer is running a 32-bit Microsoft Windows operating system |appv_client_MSI_x86.msi |
+ |Computer is running a 64-bit Microsoft Windows operating system |appv_client_MSI_x64.msi |
+ |You are deploying the App-V 5.0 Remote Desktop Services client |appv_client_rds_MSI_x64.msi |
+ ---
+
+4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack.
-
+ **What to know before you start:**
-4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack.
+ - The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client.
- **What to know before you start:**
+ - If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer.
- - The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client.
+ - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**.
- - If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer.
-
- - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**.
-
-
-
-
-
-
-
-
-
-
-
- Computer is running a 32-bit Microsoft Windows operating system |
- appv_client_LP_xxxx_ x86.msi |
-
-
- Computer is running a 64-bit Microsoft Windows operating system |
- appv_client_LP_xxxx_ x64.msi |
-
-
-
-
-
-
- **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
+ |Type of deployment |Deploy this file |
+ |---|---|
+ |Computer is running a 32-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x86.msi |
+ |Computer is running a 64-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x64.msi |
+ ---
+
+ **Got a suggestion for App-V**? Add or vote on [suggestions](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
@@ -362,12 +159,3 @@ Use the following procedure to install the Microsoft Application Virtualization
[About Client Configuration Settings](about-client-configuration-settings.md)
[How to Uninstall the App-V 5.0 Client](how-to-uninstall-the-app-v-50-client.md)
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index 231682d2b9..aa9b63bd2b 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -23,7 +23,13 @@ To make use of the Settings App group polices on Windows server 2016, install fi
To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
-This policy is available at **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
+This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
+
+Policy paths:
+
+**Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
+
+**User Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 6a7dbb8a95..99ad8fd29e 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -348,7 +348,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
> [!TIP]
@@ -412,7 +412,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
> [!TIP]
@@ -600,7 +600,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
> [!TIP]
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index f14d66e522..d7be6815e1 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -10,13 +10,19 @@ ms.localizationpriority: medium
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 10/02/2018
+ms.date: 11/07/2018
---
# Change history for Configure Windows 10
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## Novermber 2018
+
+New or changed topic | Description
+--- | ---
+[Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md) | Updated script.
+
## October 2018
New or changed topic | Description
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 9738a64aae..bb333f0c3f 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 07/30/2018
+ms.date: 11/07/2018
---
# Use MDM Bridge WMI Provider to create a Windows 10 kiosk
@@ -32,55 +32,55 @@ $nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = @"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ]]>
-
-
-
-
-
-
- MultiAppKioskUser
-
-
-
-
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
+ <Profiles>
+ <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
+ <AllAppsList>
+ <AllowedApps>
+ <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
+ <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
+ <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
+ <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+ <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
+ <App DesktopAppPath="%windir%\system32\mspaint.exe" />
+ <App DesktopAppPath="C:\Windows\System32\notepad.exe" />
+ </AllowedApps>
+ </AllAppsList>
+ <StartLayout>
+ <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+ <LayoutOptions StartTileGroupCellWidth="6" />
+ <DefaultLayoutOverride>
+ <StartLayoutCollection>
+ <defaultlayout:StartLayout GroupCellWidth="6">
+ <start:Group Name="Group1">
+ <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
+ <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
+ <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
+ <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+ <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
+ </start:Group>
+ <start:Group Name="Group2">
+ <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
+ <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
+ </start:Group>
+ </defaultlayout:StartLayout>
+ </StartLayoutCollection>
+ </DefaultLayoutOverride>
+ </LayoutModificationTemplate>
+ ]]>
+ </StartLayout>
+ <Taskbar ShowTaskbar="true"/>
+ </Profile>
+ </Profiles>
+ <Configs>
+ <Config>
+ <Account>MultiAppKioskUser</Account>
+ <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+ </Config>
+ </Configs>
+</AssignedAccessConfiguration>
"@
-
+
Set-CimInstance -CimInstance $obj
```
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index ce9e1629c5..aa375d690f 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -260,6 +260,7 @@
##### [Step 1: Identify apps](upgrade/upgrade-readiness-identify-apps.md)
##### [Step 2: Resolve issues](upgrade/upgrade-readiness-resolve-issues.md)
##### [Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md)
+##### [Step 4: Monitor deployment](upgrade/upgrade-readiness-monitor-deployment.md)
##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md)
##### [Targeting a new operating system version](upgrade/upgrade-readiness-target-new-OS.md)
### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index 6ea42e8bc1..f45a135986 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -7,7 +7,7 @@ ms.sitesec: library
ms.pagetype: deploy
keywords: deployment, automate, tools, configure, mdt, sccm, M365
ms.localizationpriority: medium
-ms.date: 04/23/2018
+ms.date: 11/06/2018
author: greg-lindsay
---
@@ -55,12 +55,8 @@ Examples of these two deployment advisors are shown below.
## Related Topics
-[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-
-
-
-
-
+[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
+[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index c18d4a269e..be1e1f9ea7 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -7,7 +7,7 @@ ms.localizationpriority: medium
ms.prod: w10
ms.sitesec: library
ms.pagetype: deploy
-ms.date: 09/12/2018
+ms.date: 11/06/2018
author: greg-lindsay
---
@@ -24,6 +24,9 @@ This topic provides an overview of new solutions and online content related to d
- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index).
- For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history).
+## The Modern Desktop Deployment Center
+
+The [Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
## Windows 10 servicing and support
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index a38657a7be..ff0a09c58c 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
-ms.date: 11/02/2017
+ms.date: 11/06/2018
author: greg-lindsay
---
@@ -29,6 +29,10 @@ Windows 10 upgrade options are discussed and information is provided about plann
|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
+## Related topics
+
+[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
+
diff --git a/windows/deployment/images/UR-driver-issue-detail.png b/windows/deployment/images/UR-driver-issue-detail.png
new file mode 100644
index 0000000000..933b2e2346
Binary files /dev/null and b/windows/deployment/images/UR-driver-issue-detail.png differ
diff --git a/windows/deployment/images/UR-example-feedback.png b/windows/deployment/images/UR-example-feedback.png
new file mode 100644
index 0000000000..5a05bb54e1
Binary files /dev/null and b/windows/deployment/images/UR-example-feedback.png differ
diff --git a/windows/deployment/images/UR-monitor-main.png b/windows/deployment/images/UR-monitor-main.png
new file mode 100644
index 0000000000..83904d3be2
Binary files /dev/null and b/windows/deployment/images/UR-monitor-main.png differ
diff --git a/windows/deployment/images/UR-update-progress-failed-detail.png b/windows/deployment/images/UR-update-progress-failed-detail.png
new file mode 100644
index 0000000000..4e619ae27c
Binary files /dev/null and b/windows/deployment/images/UR-update-progress-failed-detail.png differ
diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
index b3b1dbc226..0161bd05b1 100644
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@@ -46,6 +46,7 @@ sections:
text: "
+ | [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) | Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Office 365 ProPlus deployments. |
| [What's new in Windows 10 deployment](deploy-whats-new.md) | See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. |
| [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) | To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
| [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) | Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). |
diff --git a/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md b/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md
index b5f0b2b68b..3aabb7b13b 100644
--- a/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md
+++ b/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md
@@ -1,8 +1,8 @@
---
-title: Upgrade Readiness - Get a list of computers that are upgrade-ready (Windows 10)
+title: Upgrade Readiness - Get a list of computers that are upgrade ready (Windows 10)
description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness.
ms.prod: w10
-author: greg-lindsay
+author: jaimeo
ms.date: 04/19/2017
---
diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
index 76e0198780..e295b3fa32 100644
--- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
+++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
@@ -93,7 +93,7 @@ The deployment script displays the following exit codes to let you know if it wa
N/A |
- | 1 - Unexpected error occurred while executiEng the script. |
+ 1 - Unexpected error occurred while executing the script. |
The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966) from the download center and try again. |
diff --git a/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md b/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md
new file mode 100644
index 0000000000..be3d2aee32
--- /dev/null
+++ b/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md
@@ -0,0 +1,48 @@
+---
+title: Monitor deployment with Upgrade Readiness
+description: Describes how to use Upgrade Readiness to monitor the deployment after Windows upgrades.
+keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics,
+ms.localizationpriority: medium
+ms.prod: w10
+author: jaimeo
+ms.author: jaimeo
+ms.date: 11/07/2018
+---
+
+# Upgrade Readiness - Step 4: Monitor
+
+Now that you have started deploying an update with Upgrade Readiness, you can use it to monitor important elements.
+
+
+
+
+## Update progress
+
+The **Update progress** blade allows you to monitor the progress and status of your deployment. Any device that has attepted to upgrade in the last 30 days displays the **DeploymentStatus** attribute. You'll be able to see the number of computers that have successfully upgraded, failed to upgrade, are stalled, etc.
+
+
+Selecting this blade allows you to view device-level details about the deployment. For example, select **Failed** to view the original operating system version, the target operating system version, and the reason the update failed for each of the devices that failed to upgrade. In the case of the device illustrated in the following image, an attempt was made to upgrade from Windows 10, version 1703 to 1709, but the operation timed out.
+
+
+
+
+## Driver issues
+
+The **Driver issues** blade allows you to see Device Manager errors for your upgraded devices. We include data for all compatibility-related device errors, such as "driver not found" and "driver not started." The blade summarizes errors by error type, but you can select a particular error type to see device-level details about which device(s) are failing and where to obtain a driver.
+
+
+For example, by selecting error code **28 - driver not installed**, you would see that the device in the following image is missing the driver for a network controller. Upgrade Readiness also notifies that a suitable driver is available online through Windows Update. If this device is configured to automatically receive updates from Windows Update, this issue would likely resolve itself following the device's next Windows Update scan. If this device does not automatically receive updates from Windows Update, you would need to deliver the driver manually.
+
+
+
+## User feedback
+
+The **User Feedback** blade focuses on gathering subjective feedback from your end users. If a user submits feedback through the Feedback Hub app on a device in your workspace, we will make that feedback visible to you in this blade. The Feedback Hub app is built into Windows 10 and can be accessed by typing "Feedback Hub" in the Cortana search bar.
+
+
+We recommend that you encourage your end users to submit any feedback they have through Feedback Hub. Not only will this feedback be sent directly to Microsoft for review, but you'll also be able to see it by using Upgrade Readiness. You should be aware that **feedback submitted through Feedback Hub will be publicly visible**, so it's best to avoid submitting feedback about internal line-of-business applications.
+
+When viewing user feedback in Upgrade Readiness, you'll be able to see the raw "Title" and "Feedback" text from the user's submission in Feedback Hub, as well as the number of upvotes the submission has received. (Since feedback is publicly visible, the number of upvotes is a global value and not specific to your company.) If a Microsoft engineer has responded to the submission in Feedback Hub, we'll pull in the Microsoft response for you to see as well.
+
+
+
\ No newline at end of file
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index f744169d27..684ee94aa7 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
-ms.date: 04/03/2018
+ms.date: 11/06/2018
author: greg-lindsay
---
@@ -19,9 +19,9 @@ author: greg-lindsay
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
-- Modern deployment methods are recommended unless you have a specific need to use a different procedure.
+- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
-- Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.
+- Traditional deployment methods use existing tools to deploy operating system images.
| Category |
diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md
index 315115e706..dab69519b0 100644
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@@ -6,6 +6,8 @@
## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
### [Support for existing devices](existing-devices.md)
### [User-driven mode](user-driven.md)
+#### [Azure Active Directory joined](user-driven-aad.md)
+#### [Hybrid Azure Active Directory joined](user-driven-hybrid.md)
### [Self-deploying mode](self-deploying.md)
### [Enrollment status page](enrollment-status.md)
### [Windows Autopilot Reset](windows-autopilot-reset.md)
diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md
index dfdc2fb014..46286ceb3f 100644
--- a/windows/deployment/windows-autopilot/autopilot-faq.md
+++ b/windows/deployment/windows-autopilot/autopilot-faq.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
-ms.date: 10/31/2018
+ms.date: 11/05/2018
---
# Windows Autopilot FAQ
@@ -65,6 +65,11 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
| What is difference between OA3 Hardware Hash, 4K Hardware Hash, and Windows Autopilot Hardware Hash? | None. They’re different names for the same thing. The Windows 10, 1703 version of the OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using a non-1703 version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. |
| What is the thought around parts replacement and/or repair for the NIC (network interface controller) and/or Disk? Will the Hardware Hash become invalid? | Yes. If you replace parts, you need to gather the new Hardware Hash, though it depends on what is replaced, and the characteristics of the parts. For example, if you replace the TPM or motherboard, it’s a new device – you MUST have new Hardware Hash. If you replace one network card, it’s probably not a new device, and the device will function with the old Hardware Hash. However, as a best practice, you should assume the old Hardware Hash is invalid and get a new Hardware Hash after any hardware changes – this is Microsoft’s strong recommendation any time you replace parts. |
+## Motherboard replacement
+
+| Question | Answer |
+| --- | --- |
+| How does Autopilot handle motherboard replacement scenarios?” | Motherboard replacement is out for scope for Autopilot. Any device that is repaired or serviced in a way that alters the ability to identify the device for Windows Autopilot must go through the normal OOBE process, and manually select the right settings or apply a custom image - as is the case today.
To reuse the same device for Windows Autopilot after a motherboard replacement, the device would need to be de-registered from Autopilot, the motherboard replaced, a new 4K HH harvested, and then re-registered using the new 4K HH (or device ID).
**Note**: An OEM will not be able to use the OEM Direct API to re-register the device, since the the OEM Direct API only accepts a tuple or PKID. In this case, the OEM would either have to send the new 4K HH info via a CSV file to customer, and let customer reregister the device via MSfB or Intune.|
## SMBIOS
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
index 28d5f2748f..72bca7e019 100644
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
-ms.date: 10/31/2018
+ms.date: 11/05/2018
---
# Windows Autopilot for existing devices
@@ -298,3 +298,7 @@ The Task Sequence will download content, reboot, format the drives and install W
Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. Once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. You can enable automatic registration for an assigned group using the **Convert all targeted devices to Autopilot** setting. For more information, see [Create an Autopilot deployment profile](https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profile).
Also see [Adding devices to Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/add-devices).
+
+## Speeding up the deployment process
+
+To remove around 20 minutes from the deployment process, see Michael Niehaus's blog with instructions for [Speeding up Windows Autopilot for existing devices](https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-devices/).
diff --git a/windows/deployment/windows-autopilot/user-driven-aad.md b/windows/deployment/windows-autopilot/user-driven-aad.md
index 6da9e99b33..b63517060d 100644
--- a/windows/deployment/windows-autopilot/user-driven-aad.md
+++ b/windows/deployment/windows-autopilot/user-driven-aad.md
@@ -1,19 +1,35 @@
----
-title: User-driven mode for AAD
-description: Listing of Autopilot scenarios
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: low
-ms.sitesec: library
-ms.pagetype: deploy
-author: greg-lindsay
-ms.author: greg-lindsay
-ms.date: 10/02/2018
----
-
-# Windows Autopilot user-driven mode for Azure Active Directory
-
-**Applies to: Windows 10**
-
-PLACEHOLDER. This topic is a placeholder for the AAD-specific instuctions currently in user-driven.md.
+---
+title: User-driven mode for AAD
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: low
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.author: greg-lindsay
+ms.date: 11/07/2018
+---
+
+# Windows Autopilot user-driven mode for Azure Active Directory join
+
+**Applies to: Windows 10**
+
+## Procedures
+
+In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
+
+- Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory. See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
+- Create an Autopilot profile for user-driven mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
+- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
+
+For each device that will be deployed using user-driven deployment, these additional steps are needed:
+
+- Ensure that the device has been added to Windows Autopilot. This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later. See [Adding devices to Windows Autopilot](add-devices.md) for more information.
+- Ensure an Autopilot profile has been assigned to the device:
+ - If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
+ - If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
+ - If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
+
+Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md
index 6f4a760dcc..88e4a87f15 100644
--- a/windows/deployment/windows-autopilot/user-driven-hybrid.md
+++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md
@@ -9,12 +9,31 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
---
-# Windows Autopilot user-driven mode for Hybrid Azure Active Directory Join
+# Windows Autopilot user-driven mode for hybrid Azure Active Directory join
**Applies to: Windows 10**
-PLACEHOLDER. This topic is a placeholder for the AD-specific (hybrid) instuctions.
+Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).
+
+## Requirements
+
+To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
+
+- Users must be able to join devices to Azure Active Directory.
+- A Windows Autopilot profile for user-driven mode must be created and
+ - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile.
+- If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group.
+- The device must be running Windows 10, version 1809 or later.
+- The device must be connected to the Internet and have access to an Active Directory domain controller.
+- The Intune Connector for Active Directory must be installed.
+ - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf.
+
+## Step by step instructions
+
+See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).
+
+Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md
index 1aa1ad5321..4fd86ef3b5 100644
--- a/windows/deployment/windows-autopilot/user-driven.md
+++ b/windows/deployment/windows-autopilot/user-driven.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
ms.author: greg-lindsay
-ms.date: 10/02/2018
+ms.date: 11/07/2018
---
+# Windows Autopilot user-driven mode
+
Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device. The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions:
- Unbox the device, plug it in, and turn it on.
@@ -24,21 +26,12 @@ After completing those simple steps, the remainder of the process is completely
Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
-## Step by step
+## Available user-driven modes
-In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
+The following options are available for user-driven deployment:
-- Ensure that the users who will be performing user-driven mode deployments are able to join devices to Azure Active Directory. See [Configure device settings](https://docs.microsoft.com/azure/active-directory/device-management-azure-portal#configure-device-settings) in the Azure Active Directory documentation for more information.
-- Create an Autopilot profile for user-driven mode with the desired settings. In Microsoft Intune, this mode is explicitly chosen when creating the profile. With Microsoft Store for Business and Partner Center, user-driven mode is the default and does not need to be selected.
-- If using Intune, create a device group in Azure Active Directory and assign the Autopilot profile to that group.
-
-For each machine that will be deployed using user-driven deployment, these additional steps are needed:
-
-- Ensure that the device has been added to Windows Autopilot. This can be done automatically by an OEM or partner at the time the device is purchased, or it can be done through a manual harvesting process later. See [Adding devices to Windows Autopilot](add-devices.md) for more information.
-- Ensure an Autopilot profile has been assigned to the device:
- - If using Intune and Azure Active Directory dynamic device groups, this can be done automatically.
- - If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
- - If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
+- [Azure Active Directory join](user-driven-aad.md) is available if devices do not need to be joined to an on-prem Active Directory domain.
+- [Hybrid Azure Active Directory join](user-driven-hybrid.md) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain.
## Validation
diff --git a/windows/deployment/windows-autopilot/windows-10-autopilot.md b/windows/deployment/windows-autopilot/windows-10-autopilot.md
index 9611b51a68..6b988faa67 100644
--- a/windows/deployment/windows-autopilot/windows-10-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-10-autopilot.md
@@ -51,8 +51,8 @@ The Windows Autopilot Deployment Program enables you to:
##### Prerequisites
- >[!NOTE]
- >Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
+>[!NOTE]
+>Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
* [Devices must be registered to the organization](#device-registration-and-oobe-customization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
@@ -126,7 +126,7 @@ To manage devices behind firewalls and proxy servers, the following URLs need to
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
->If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
+>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidelines for [Microsoft Intune](https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index dce0c91085..c0acd3cd73 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
-ms.date: 09/10/2018
+ms.date: 11/07/2018
---
@@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -60,15 +61,15 @@ The following fields are available:
- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device.
- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device.
-- **InventoryLanguagePack** The count of DecisionApplicationFile objects present on this machine targeting the next release of Windows
-- **InventorySystemBios** The count of DecisionDevicePnp objects present on this machine targeting the next release of Windows
-- **PCFP** The count of DecisionDriverPackage objects present on this machine targeting the next release of Windows
-- **SystemProcessorCompareExchange** The count of DecisionMatchingInfoBlock objects present on this machine targeting the next release of Windows
-- **SystemProcessorNx** The count of DataSourceMatchingInfoPostUpgrade objects present on this machine targeting the next release of Windows
-- **SystemProcessorSse2** The count of DecisionMatchingInfoPostUpgrade objects present on this machine targeting the next release of Windows
-- **SystemWim** The count of DecisionMediaCenter objects present on this machine targeting the next release of Windows
-- **SystemWindowsActivationStatus** The count of DecisionSystemBios objects present on this machine targeting the next release of Windows
-- **SystemWlan** The count of InventoryApplicationFile objects present on this machine.
+- **InventoryLanguagePack** The total InventoryLanguagePack objects that are present on this device.
+- **InventorySystemBios** The total InventorySystemBios objects that are present on this device.
+- **PCFP** An ID for the system that is calculated by hashing hardware identifiers.
+- **SystemProcessorCompareExchange** The total SystemProcessorCompareExchange objects that are present on this device.
+- **SystemProcessorNx** The total SystemProcessorNx objects that are present on this device.
+- **SystemProcessorSse2** The total SystemProcessorSse2 objects that are present on this device.
+- **SystemWim** The total SystemWim objects that are present on this device
+- **SystemWindowsActivationStatus** The total SystemWindowsActivationStatus objects that are present on this device.
+- **SystemWlan** The total SystemWlan objects that are present on this device.
- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device.
@@ -334,7 +335,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates that the DecisionApplicationFile object is no longer present.
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -670,7 +671,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -1472,6 +1473,12 @@ The following fields are available:
- **SocketCount** Number of physical CPU sockets of the machine.
+### Census.Security
+
+Provides information on several important data points about security settings.
+
+
+
### Census.Speech
This event is used to gather basic speech settings on the device.
@@ -2058,6 +2065,23 @@ The following fields are available:
- **devinv.dll** The file version of the Device inventory component.
+### Microsoft.Windows.Inventory.Core.FileSigningInfoAdd
+
+This event enumerates the signatures of files, either driver packages or application executables. For driver packages, this data is collected on demand via Telecommand to limit it only to unrecognized driver packages, saving time for the client and space on the server. For applications, this data is collected for up to 10 random executables on a system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **CatalogSigners** Signers from catalog. Each signer starts with Chain.
+- **DriverPackageStrongName** Optional. Available only if FileSigningInfo is collected on a driver package.
+- **EmbeddedSigners** Embedded signers. Each signer starts with Chain.
+- **FileName** The file name of the file whose signatures are listed.
+- **FileType** Either exe or sys, depending on if a driver package or application executable.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Thumbprint** Comma separated hash of the leaf node of each signer. Semicolon is used to separate CatalogSigners from EmbeddedSigners. There will always be a trailing comma.
+
+
### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
This event sends basic metadata about an application on the system to help keep Windows up to date.
@@ -2251,7 +2275,7 @@ The following fields are available:
- **Enumerator** The bus that enumerated the device
- **HWID** A JSON array that provides the value and order of the HWID tree for the device. See [HWID](#hwid).
- **Inf** The INF file name.
-- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx
+- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
- **InventoryVersion** The version of the inventory file generating the events.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device.
- **LowerFilters** Lower filter drivers IDs installed for the device
@@ -2379,6 +2403,90 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
+
+Invalid variant - Provides data on the installed Office Add-ins
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd
+
+Provides data on the Office identifiers.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd
+
+Provides data on Office-related Internet Explorer features.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd
+
+This event provides insight data on the installed Office products
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd
+
+Describes Office Products installed.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd
+
+This event describes various Office settings
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync
+
+Indicates a new sync is being generated for this object type.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
+
+Provides data on Unified Update Platform (UUP) products and what version they are at.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+
+
### Microsoft.Windows.Inventory.Indicators.Checksum
This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events.
@@ -2546,14 +2654,14 @@ The following fields are available:
- **AppVersion** The version of the app.
- **BuildArch** Is the architecture x86 or x64?
- **Environment** Is the device on the production or int service?
-- **IsMSFTInternal** Is this an internal Microsoft device?
-- **MachineGuid** The CEIP machine ID.
+- **IsMSFTInternal** TRUE if the device is an internal Microsoft device.
+- **MachineGuid** The GUID (Globally Unique ID) that identifies the machine for the CEIP (Customer Experience Improvement Program).
- **Market** Which market is this in?
- **OfficeVersion** The version of Office that is installed.
- **OneDriveDeviceId** The OneDrive device ID.
- **OSDeviceName** Only if the device is internal to Microsoft, the device name.
- **OSUserName** Only if the device is internal to Microsoft, the user name.
-- **UserGuid** A unique global user identifier.
+- **UserGuid** The GUID (Globally Unique ID) of the user currently logged in.
### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
@@ -2605,12 +2713,12 @@ The following fields are available:
### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
-This event determines the outcome of the operation.
+This event sends information describing the result of the update.
The following fields are available:
- **hr** The HResult of the operation.
-- **IsLoggingEnabled** Is logging enabled?
+- **IsLoggingEnabled** Indicates whether logging is enabled for the updater.
- **UpdaterVersion** The version of the updater.
@@ -2642,11 +2750,48 @@ The following fields are available:
- **winInetError** The HResult of the operation.
+## Other events
+
+### Microsoft.Xbox.XamTelemetry.AppActivationError
+
+This event indicates whether the system detected an activation error in the app.
+
+The following fields are available:
+
+- **ActivationUri** Activation URI (Uniform Resource Identifier) used in the attempt to activate the app.
+- **AppId** The Xbox LIVE Title ID.
+- **AppUserModelId** The AUMID (Application User Model ID) of the app to activate.
+- **Result** The HResult error.
+- **UserId** The Xbox LIVE User ID (XUID).
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivity
+
+This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
+
+The following fields are available:
+
+- **AppActionId** The ID of the application action.
+- **AppCurrentVisibilityState** The ID of the current application visibility state.
+- **AppId** The Xbox LIVE Title ID of the app.
+- **AppPackageFullName** The full name of the application package.
+- **AppPreviousVisibilityState** The ID of the previous application visibility state.
+- **AppSessionId** The application session ID.
+- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
+- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
+- **DurationMs** The amount of time (in milliseconds) since the last application state transition.
+- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license.
+- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
+- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
+- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application.
+- **UserId** The XUID (Xbox User ID) of the current user.
+
+
## Remediation events
### Microsoft.Windows.Remediation.Applicable
-This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
@@ -2669,7 +2814,7 @@ The following fields are available:
- **HResult** The HRESULT for detection or perform action phases of the plugin.
- **IsAppraiserLatestResult** The HRESULT from the appraiser task.
- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected.
-- **LastHresult** The HRESULT for detection or perform action phases of the plugin.
+- **LastHresult** The HResult of the operation.
- **LastRun** The date of the most recent SIH run.
- **NextRun** Date of the next scheduled SIH run.
- **PackageVersion** The version of the current remediation package.
@@ -2730,7 +2875,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed
-This event enables completion tracking of a process that remediates issues preventing security and quality updates.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
@@ -2807,7 +2952,7 @@ The following fields are available:
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
-- **usoScanType** The type of USO (Update Session Orchestrator) scan (Interactive or Background).
+- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes.
- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes.
- **WindowsOldFolderSizeInMegabytes** The size of the Windows.OLD folder, measured in Megabytes.
@@ -2819,156 +2964,17 @@ The following fields are available:
- **WindowsSxsTempFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes.
-### Microsoft.Windows.Remediation.DiskCleanUnExpectedErrorEvent
-
-This event indicates that an unexpected error occurred during an update and provides information to help address the issue.
-
-The following fields are available:
-
-- **CV** The Correlation vector.
-- **ErrorMessage** A description of any errors encountered while the plug-in was running.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **Hresult** The result of the event execution.
-- **PackageVersion** The version number of the current remediation package.
-- **SessionGuid** GUID associated with a given execution of sediment pack.
-
-
-### Microsoft.Windows.Remediation.Error
-
-This event indicates a Sediment Pack error (update stack failure) has been detected and provides information to help address the issue.
-
-The following fields are available:
-
-- **HResult** The result of the event execution.
-- **Message** A message containing information about the error that occurred.
-- **PackageVersion** The version number of the current remediation package.
-
-
-### Microsoft.Windows.Remediation.FallbackError
-
-This event indicates an error when Self Update results in a Fallback and provides information to help address the issue.
-
-The following fields are available:
-
-- **s0** Indicates the Fallback error level. See [Microsoft.Windows.Remediation.wilResult](#microsoftwindowsremediationwilresult).
-- **wilResult** The result of the Windows Installer Logging. See [wilResult](#wilresult).
-
-
-### Microsoft.Windows.Remediation.RemediationNotifyUserFixIssuesInvokeUIEvent
-
-This event occurs when the Notify User task executes and provides information about the cause of the notification.
-
-The following fields are available:
-
-- **CV** The Correlation vector.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **PackageVersion** The version number of the current remediation package.
-- **RemediationNotifyUserFixIssuesCallResult** The result of calling the USO (Update Session Orchestrator) sequence steps.
-- **RemediationNotifyUserFixIssuesUsoDownloadCalledHr** The error code from the USO (Update Session Orchestrator) download call.
-- **RemediationNotifyUserFixIssuesUsoInitializedHr** The error code from the USO (Update Session Orchestrator) initialize call.
-- **RemediationNotifyUserFixIssuesUsoProxyBlanketHr** The error code from the USO (Update Session Orchestrator) proxy blanket call.
-- **RemediationNotifyUserFixIssuesUsoSetSessionHr** The error code from the USO (Update Session Orchestrator) session call.
-
-
-### Microsoft.Windows.Remediation.RemediationShellFailedAutomaticAppUpdateModifyEventId
-
-This event provides the modification of the date on which an Automatic App Update scheduled task failed and provides information about the failure.
-
-The following fields are available:
-
-- **CV** The Correlation Vector.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **hResult** The result of the event execution.
-- **PackageVersion** The version number of the current remediation package.
-
-
-### Microsoft.Windows.Remediation.RemediationShellUnexpectedExceptionId
-
-This event identifies the remediation plug-in that returned an unexpected exception and provides information about the exception.
-
-The following fields are available:
-
-- **CV** The Correlation Vector.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **PackageVersion** The version number of the current remediation package.
-- **RemediationShellUnexpectedExceptionId** The ID of the remediation plug-in that caused the exception.
-
-
-### Microsoft.Windows.Remediation.RemediationUHEnableServiceFailed
-
-This event tracks the health of key update (Remediation) services and whether they are enabled.
-
-The following fields are available:
-
-- **CV** The Correlation Vector.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **hResult** The result of the event execution.
-- **PackageVersion** The version number of the current remediation package.
-- **serviceName** The name associated with the operation.
-
-
-### Microsoft.Windows.Remediation.RemediationUpgradeSucceededDataEventId
-
-This event returns information about the upgrade upon success to help ensure Windows is up to date.
-
-The following fields are available:
-
-- **AppraiserPlugin** TRUE / FALSE depending on whether the Appraiser plug-in task fix was successful.
-- **ClearAUOptionsPlugin** TRUE / FALSE depending on whether the AU (Auto Updater) Options registry keys were successfully deleted.
-- **CV** The Correlation Vector.
-- **DatetimeSyncPlugin** TRUE / FALSE depending on whether the DateTimeSync plug-in ran successfully.
-- **DiskCleanupPlugin** TRUE / FALSE depending on whether the DiskCleanup plug-in ran successfully.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **NoisyHammerPlugin** TRUE / FALSE depending on whether the NoisyHammer plug-in ran successfully.
-- **PackageVersion** The version number of the current remediation package.
-- **RebootRequiredPlugin** TRUE / FALSE depending on whether the Reboot plug-in ran successfully.
-- **RemediationNotifyUserFixIssuesPlugin** TRUE / FALSE depending on whether the User Fix Issues plug-in ran successfully
-- **RemediationPostUpgradeDiskSpace** The amount of disk space available after the upgrade.
-- **RemediationPostUpgradeHibernationSize** The size of the Hibernation file after the upgrade.
-- **ServiceHealthPlugin** A list of services updated by the plug-in.
-- **SIHHealthPlugin** TRUE / FALSE depending on whether the SIH Health plug-in ran successfully.
-- **StackDataResetPlugin** TRUE / FALSE depending on whether the update stack completed successfully.
-- **TaskHealthPlugin** A list of tasks updated by the plug-in.
-- **UpdateApplicabilityFixerPlugin** TRUE / FALSE depending on whether the update applicability fixer plug-in completed successfully.
-- **WindowsUpdateEndpointPlugin** TRUE / FALSE depending on whether the Windows Update Endpoint was successful.
-
-
### Microsoft.Windows.Remediation.Started
-This event reports whether a plug-in started, to help ensure Windows is up to date.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
-- **CV** The Correlation Vector.
-- **GlobalEventCounter** The client-side counter that indicates ordering of events.
-- **PackageVersion** The version number of the current remediation package.
-- **PluginName** The name of the plug-in specified for each generic plug-in event.
-- **Result** The HRESULT for Detection or Perform Action phases of the plug-in.
-
-
-### Microsoft.Windows.Remediation.wilResult
-
-This event provides Self Update information to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext** A list of diagnostic activities containing this error.
-- **currentContextId** An identifier for the newest diagnostic activity containing this error.
-- **currentContextMessage** A message associated with the most recent diagnostic activity containing this error (if any).
-- **currentContextName** Name of the most recent diagnostic activity containing this error.
-- **failureCount** Number of failures seen within the binary where the error occurred.
-- **failureId** The identifier assigned to this failure.
-- **failureType** Indicates the type of failure observed (exception, returned, error, logged error, or fail fast).
-- **fileName** The source code file name where the error occurred.
-- **function** The name of the function where the error occurred.
-- **hresult** The failure error code.
-- **lineNumber** The Line Number within the source code file where the error occurred.
-- **message** A message associated with the failure (if any).
-- **module** The name of the binary module in which the error occurred.
-- **originatingContextId** The identifier for the oldest diagnostic activity containing this error.
-- **originatingContextMessage** A message associated with the oldest diagnostic activity containing this error (if any).
-- **originatingContextName** The name of the oldest diagnostic activity containing this error.
-- **threadId** The identifier of the thread the error occurred on.
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
## Sediment events
@@ -3320,15 +3326,17 @@ The following fields are available:
- **Time** The system time at which the event occurred.
+## Sediment Launcher events
+
### Microsoft.Windows.SedimentLauncher.Applicable
-Indicates whether a given plugin is applicable.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
- **CV** Correlation vector.
- **DetectedCondition** Boolean true if detect condition is true and perform action will be run.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings.
- **IsSelfUpdateNeeded** True if self update needed by device.
- **PackageVersion** Current package version of Remediation.
@@ -3338,97 +3346,43 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed
-Indicates whether a given plugin has completed its work.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
- **CV** Correlation vector.
- **FailedReasons** Concatenated list of failure reasons.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
- **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher.
-### Microsoft.Windows.SedimentLauncher.Error
-
-This event indicates an error occurred during the execution of the plug-in. The information provided helps ensure future upgrade/update attempts are more successful.
-
-The following fields are available:
-
-- **HResult** The result for the Detection or Perform Action phases of the plug-in.
-- **Message** A message containing information about the error that occurred (if any).
-- **PackageVersion** The version number of the current remediation package.
-
-
-### Microsoft.Windows.SedimentLauncher.FallbackError
-
-This event indicates that an error occurred during execution of the plug-in fallback.
-
-The following fields are available:
-
-- **s0** Error occurred during execution of the plugin fallback. See [Microsoft.Windows.SedimentLauncher.wilResult](#microsoftwindowssedimentlauncherwilresult).
-
-
-### Microsoft.Windows.SedimentLauncher.Information
-
-This event provides general information returned from the plug-in.
-
-The following fields are available:
-
-- **HResult** This is the HRESULT for detection or perform action phases of the plugin.
-- **Message** Information message returned from a plugin containing only information internal to the plugins execution.
-- **PackageVersion** Current package version of Remediation.
-
-
### Microsoft.Windows.SedimentLauncher.Started
-This event indicates that a given plug-in has started.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
-### Microsoft.Windows.SedimentLauncher.wilResult
-
-This event provides the result from the Windows internal library.
-
-The following fields are available:
-
-- **callContext** List of telemetry activities containing this error.
-- **currentContextId** Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName** Name of the newest telemetry activity containing this error.
-- **failureCount** Number of failures seen within the binary where the error occurred.
-- **failureId** Identifier assigned to this failure.
-- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName** Source code file name where the error occurred.
-- **function** Name of the function where the error occurred.
-- **hresult** Failure error code.
-- **lineNumber** Line number within the source code file where the error occurred.
-- **message** Custom message associated with the failure (if any).
-- **module** Name of the binary where the error occurred.
-- **originatingContextId** Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName** Name of the oldest telemetry activity containing this error.
-- **threadId** Identifier of the thread the error occurred on.
-
+## Sediment Service events
### Microsoft.Windows.SedimentService.Applicable
-This event indicates whether a given plug-in is applicable.
+This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date.
The following fields are available:
- **CV** Correlation vector.
- **DetectedCondition** Determine whether action needs to run based on device properties.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **IsSelfUpdateEnabledInOneSettings** Indicates if self update is enabled in One Settings.
- **IsSelfUpdateNeeded** Indicates if self update is needed.
- **PackageVersion** Current package version of Remediation.
@@ -3438,13 +3392,13 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed
-This event indicates whether a given plug-in has completed its work.
+This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date.
The following fields are available:
- **CV** Correlation vector.
- **FailedReasons** List of reasons when the plugin action failed.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
@@ -3458,40 +3412,9 @@ The following fields are available:
- **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again.
-### Microsoft.Windows.SedimentService.Error
-
-This event indicates whether an error condition occurred in the plug-in.
-
-The following fields are available:
-
-- **HResult** This is the HRESULT for detection or perform action phases of the plugin.
-- **Message** Custom message associated with the failure (if any).
-- **PackageVersion** Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentService.FallbackError
-
-This event indicates whether an error occurred for a fallback in the plug-in.
-
-The following fields are available:
-
-- **s0** Event returned when an error occurs for a fallback in the plugin. See [Microsoft.Windows.SedimentService.wilResult](#microsoftwindowssedimentservicewilresult).
-
-
-### Microsoft.Windows.SedimentService.Information
-
-This event provides general information returned from the plug-in.
-
-The following fields are available:
-
-- **HResult** This is the HRESULT for detection or perform action phases of the plugin.
-- **Message** Custom message associated with the failure (if any).
-- **PackageVersion** Current package version of Remediation.
-
-
### Microsoft.Windows.SedimentService.Started
-This event indicates a specified plug-in has started. This information helps ensure Windows is up to date.
+This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date.
The following fields are available:
@@ -3502,31 +3425,6 @@ The following fields are available:
- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
-### Microsoft.Windows.SedimentService.wilResult
-
-This event provides the result from the Windows internal library.
-
-The following fields are available:
-
-- **callContext** List of telemetry activities containing this error.
-- **currentContextId** Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName** Name of the newest telemetry activity containing this error.
-- **failureCount** Number of failures seen within the binary where the error occurred.
-- **failureId** Identifier assigned to this failure.
-- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName** Source code file name where the error occurred.
-- **function** Name of the function where the error occurred.
-- **hresult** Failure error code.
-- **lineNumber** Line number within the source code file where the error occurred.
-- **message** Custom message associated with the failure (if any).
-- **module** Name of the binary where the error occurred.
-- **originatingContextId** Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName** Name of the oldest telemetry activity containing this error.
-- **threadId** Identifier of the thread the error occurred on.
-
-
## Setup events
### SetupPlatformTel.SetupPlatformTelActivityEvent
@@ -3821,7 +3719,7 @@ The following fields are available:
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.).
- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway.
- **ShippingMobileOperator** The mobile operator that a device shipped on.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -4118,6 +4016,22 @@ The following fields are available:
- **UpdateId** Unique ID for each update.
+### Update360Telemetry.UpdateAgent_FellBackToCanonical
+
+This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **PackageCount** The number of packages that fell back to “canonical”.
+- **PackageList** PackageIDs which fell back to “canonical”.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
### Update360Telemetry.UpdateAgent_Initialize
This event sends data during the initialize phase of updating Windows.
@@ -4152,6 +4066,22 @@ The following fields are available:
- **UpdateId** Unique ID for each update.
+### Update360Telemetry.UpdateAgent_Merge
+
+This event sends data on the merge phase when updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current reboot.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
### Update360Telemetry.UpdateAgent_ModeStart
This event sends data for the start of each mode during the process of updating Windows.
@@ -4184,6 +4114,130 @@ The following fields are available:
- **UpdateId** Unique ID for each update.
+### Update360Telemetry.UpdateAgentDownloadRequest
+
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile.
+
+The following fields are available:
+
+- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted.
+- **DownloadRequests** Number of times a download was retried.
+- **ErrorCode** The error code returned for the current download request phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique ID for each flight.
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **PackageCountOptional** # of optional packages requested.
+- **PackageCountRequired** # of required packages requested.
+- **PackageCountTotal** Total # of packages needed.
+- **PackageCountTotalCanonical** Total number of canonical packages.
+- **PackageCountTotalDiff** Total number of diff packages.
+- **PackageCountTotalExpress** Total number of express packages.
+- **PackageExpressType** Type of express package.
+- **PackageSizeCanonical** Size of canonical packages in bytes.
+- **PackageSizeDiff** Size of diff packages in bytes.
+- **PackageSizeExpress** Size of express packages in bytes.
+- **RangeRequestState** Indicates the range request type used.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the download request phase of update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentInitialize
+
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **FlightMetadata** Contains the FlightId and the build being flighted.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMitigationResult
+
+This event sends data indicating the result of each update agent mitigation.
+
+The following fields are available:
+
+- **Applicable** Indicates whether the mitigation is applicable for the current update.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightId** Unique identifier for each flight.
+- **Index** The mitigation index of this particular mitigation.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly name of the mitigation.
+- **ObjectId** Unique value for each Update Agent mode.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentMitigationSummary
+
+This event sends a summary of all the update agent mitigations available for an this update.
+
+
+
+### Update360Telemetry.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **Mode** Indicates the mode that has started.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **Version** Version of update
+
+
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+
+
+### Update360Telemetry.UpdateAgentSetupBoxLaunch
+
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs.
+
+The following fields are available:
+
+- **ContainsExpressPackage** Indicates whether the download package is express.
+- **FlightId** Unique ID for each flight.
+- **FreeSpace** Free space on OS partition.
+- **InstallCount** Number of install attempts using the same sandbox.
+- **ObjectId** Unique value for each Update Agent mode.
+- **Quiet** Indicates whether setup is running in quiet mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **SandboxSize** Size of the sandbox.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **SetupMode** Mode of setup to be launched.
+- **UpdateId** Unique ID for each Update.
+- **UserSession** Indicates whether install was invoked by user actions.
+
+
## Upgrade events
### Setup360Telemetry.Downlevel
@@ -4242,9 +4296,9 @@ The following fields are available:
- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
-- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
- **TestId** ID that uniquely identifies a group of events.
- **WuId** Windows Update client ID.
@@ -4375,6 +4429,24 @@ This event helps determine whether the device received supplemental content duri
+### Setup360Telemetry.Setup360MitigationResult
+
+This event sends data indicating the result of each setup mitigation.
+
+
+
+### Setup360Telemetry.Setup360MitigationSummary
+
+This event sends a summary of all the setup mitigations available for this update.
+
+
+
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+
+
### Setup360Telemetry.UnexpectedEvent
This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
@@ -4388,7 +4460,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@@ -4819,11 +4891,11 @@ The following fields are available:
- **errorCode** The error code that was returned.
- **experimentId** When running a test, this is used to correlate events that are part of the same test.
- **fileID** The ID of the file being downloaded.
-- **isVpn** Is the device connected to a Virtual Private Network?
+- **isVpn** Indicates whether the device is connected to a VPN (Virtual Private Network).
- **scenarioID** The ID of the scenario.
- **sessionID** The ID of the file download session.
- **updateID** The ID of the update being downloaded.
-- **usedMemoryStream** Did the download use memory streaming?
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
@@ -4862,7 +4934,7 @@ The following fields are available:
- **updateID** The ID of the update being downloaded.
- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
- **uplinkUsageBps** The upload speed (in bytes per second).
-- **usedMemoryStream** Did the download use memory streaming?
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
@@ -5146,6 +5218,17 @@ The following fields are available:
- **wuDeviceid** The Windows Update device GUID.
+### Microsoft.Windows.Update.Orchestrator.DeferRestart
+
+This event indicates that a restart required for installing updates was postponed.
+
+The following fields are available:
+
+- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
+- **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery).
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.Detection
This event indicates that a scan for a Windows Update occurred.
@@ -5192,7 +5275,7 @@ The following fields are available:
- **EventPublishedTime** Time when this event was generated.
- **flightID** The specific ID of the Windows Insider build.
- **revisionNumber** Update revision number.
-- **updateId** Unique Windows Update ID.
+- **updateId** Unique Update ID.
- **updateScenarioType** Update session type.
- **UpdateStatus** Last status of update.
- **wuDeviceid** Unique Device ID.
@@ -5240,6 +5323,30 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.LowUptimes
+
+This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure.
+
+The following fields are available:
+
+- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime.
+- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime.
+- **uptimeMinutes** Number of minutes of uptime measured.
+- **wuDeviceid** Unique device ID for Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
+
+This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date.
+
+The following fields are available:
+
+- **externalOneshotupdate** The last time a task-triggered scan was completed.
+- **interactiveOneshotupdate** The last time an interactive scan was completed.
+- **oldlastscanOneshotupdate** The last time a scan completed successfully.
+- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID).
+
+
### Microsoft.Windows.Update.Orchestrator.PostInstall
This event is sent after a Windows update install completes.
@@ -5256,6 +5363,15 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
+
+This event is generated before the shutdown and commit operations.
+
+The following fields are available:
+
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
### Microsoft.Windows.Update.Orchestrator.RebootFailed
This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date.
@@ -5276,6 +5392,18 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.RefreshSettings
+
+This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** Hex code for the error message, to allow lookup of the specific error.
+- **settingsDownloadTime** Timestamp of the last attempt to acquire settings.
+- **settingsETag** Version identifier for the settings.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date.
@@ -5332,6 +5460,32 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
+
+This event sends information about an update that encountered problems and was not able to complete.
+
+The following fields are available:
+
+- **errorCode** The error code encountered.
+- **wuDeviceid** The ID of the device in which the error occurred.
+
+
+### Microsoft.Windows.Update.Orchestrator.UsoSession
+
+This event represents the state of the USO service at start and completion.
+
+The following fields are available:
+
+- **activeSessionid** A unique session GUID.
+- **eventScenario** The state of the update action.
+- **interactive** Is the USO session interactive?
+- **lastErrorcode** The last error that was encountered.
+- **lastErrorstate** The state of the update when the last error was encountered.
+- **sessionType** A GUID that refers to the update session type.
+- **updateScenarioType** A descriptive update session type.
+- **wuDeviceid** The Windows Update device GUID.
+
+
### Microsoft.Windows.Update.UpdateStackServicing.CheckForUpdates
This event sends data about the UpdateStackServicing check for updates, to help keep Windows up to date.
@@ -5352,6 +5506,28 @@ The following fields are available:
- **WUDeviceID** The Windows Update device ID.
+### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
+
+This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
+- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed.
+- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs.
+- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode.
+- **ETag** The Entity Tag that represents the OneSettings version.
+- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device.
+- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device.
+- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending.
+- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode.
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+
+
### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
This event is sent when a security update has successfully completed.
@@ -5390,7 +5566,7 @@ The following fields are available:
### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
-This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up-to-date.
+This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up to date.
The following fields are available:
@@ -5406,6 +5582,14 @@ The following fields are available:
- **wuDeviceid** The Windows Update device GUID.
+## Windows Update mitigation events
+
+### Mitigation360Telemetry.MitigationCustom.FixupEditionId
+
+This event sends data specific to the FixupEditionId mitigation used for OS Updates.
+
+
+
## Winlogon events
### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index f1ca2eae5e..7ed5621811 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
-ms.date: 10/10/2018
+ms.date: 11/07/2018
---
@@ -65,20 +65,20 @@ The following fields are available:
- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device.
- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers.
- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
-- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine.
+- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
- **InventorySystemBios** The count of the number of this particular object type present on this device.
- **InventoryTest** The count of the number of this particular object type present on this device.
- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
-- **PCFP** An ID for the system, calculated by hashing hardware identifiers.
+- **PCFP** The count of the number of this particular object type present on this device.
- **SystemMemory** The count of the number of this particular object type present on this device.
- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device.
- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device.
- **SystemProcessorNx** The count of the number of this particular object type present on this device.
-- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine.
-- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine.
+- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device.
+- **SystemProcessorSse2** The count of the number of this particular object type present on this device.
- **SystemTouch** The count of the number of this particular object type present on this device.
-- **SystemWim** The count of SystemWim objects present on this machine.
+- **SystemWim** The count of the number of this particular object type present on this device.
- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
- **SystemWlan** The count of the number of this particular object type present on this device.
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
@@ -359,7 +359,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates that the DecisionApplicationFile object is no longer present.
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -706,7 +706,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -1209,6 +1209,23 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+### Microsoft.Windows.Appraiser.General.SystemWlanAdd
+
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked because of an emulated WLAN driver?
+- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block?
+- **WlanEmulatedDriver** Does the device have an emulated WLAN driver?
+- **WlanExists** Does the device support WLAN at all?
+- **WlanModulePresent** Are any WLAN modules present?
+- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
+
+
### Microsoft.Windows.Appraiser.General.SystemWlanRemove
This event indicates that the SystemWlan object is no longer present.
@@ -1525,16 +1542,16 @@ The following fields are available:
- **KvaShadow** Microcode info of the processor.
- **MMSettingOverride** Microcode setting of the processor.
- **MMSettingOverrideMask** Microcode setting override of the processor.
-- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system.
-- **ProcessorClockSpeed** Clock speed of the processor in MHz.
-- **ProcessorCores** Number of logical cores in the processor.
-- **ProcessorIdentifier** Processor Identifier of a manufacturer.
-- **ProcessorManufacturer** Name of the processor manufacturer.
-- **ProcessorModel** Name of the processor model.
+- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture.
+- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz.
+- **ProcessorCores** Retrieves the number of cores in the processor.
+- **ProcessorIdentifier** The processor identifier of a manufacturer.
+- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer.
+- **ProcessorModel** Retrieves the name of the processor model.
- **ProcessorPhysicalCores** Number of physical cores in the processor.
-- **ProcessorUpdateRevision** Microcode revision
+- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system.
- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
-- **SocketCount** Count of CPU sockets.
+- **SocketCount** Number of physical CPU sockets of the machine.
- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability.
@@ -1545,14 +1562,14 @@ This event provides information on about security settings used to help keep Win
The following fields are available:
- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
-- **CGRunning** Is Credential Guard running?
+- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
- **DGState** This field summarizes the Device Guard state.
-- **HVCIRunning** Is HVCI running?
+- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
-- **SecureBootCapable** Is this device capable of running Secure Boot?
-- **VBSState** Is virtualization-based security enabled, disabled, or running?
+- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
+- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
### Census.Speech
@@ -1889,6 +1906,82 @@ The following fields are available:
- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **InterfaceId** The GPU interface ID.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+## Fault Reporting events
+
+### Microsoft.Windows.FaultReporting.AppCrashEvent
+
+This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
+
+The following fields are available:
+
+- **AppName** The name of the app that has crashed.
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **AppTimeStamp** The date/time stamp of the app.
+- **AppVersion** The version of the app that has crashed.
+- **ExceptionCode** The exception code returned by the process that has crashed.
+- **ExceptionOffset** The address where the exception had occurred.
+- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
+- **ModName** Exception module name (e.g. bar.dll).
+- **ModTimeStamp** The date/time stamp of the module.
+- **ModVersion** The version of the module that has crashed.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has crashed.
+- **ProcessId** The ID of the process that has crashed.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported
+- **TargetAsId** The sequence number for the hanging process.
+
+
## Feature update events
### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
@@ -1916,6 +2009,33 @@ This event sends basic metadata about the starting point of uninstalling a featu
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
+
+
## Inventory events
### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
@@ -1992,13 +2112,13 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
-- **InventoryVersion** The version of the inventory component
+- **InventoryVersion** The version of the inventory component.
- **ProgramIds** The unique program identifier the driver is associated with.
### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
-The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent.
+This event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -2185,12 +2305,12 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
-- **Class** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
-- **ClassGuid** A unique identifier for the driver installed.
-- **COMPID** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
-- **ContainerId** INF file name (the name could be renamed by OS, such as oemXX.inf)
-- **Description** The version of the inventory binary generating the events.
-- **DeviceState** The current error code for the device.
+- **Class** The device setup class of the driver loaded for the device.
+- **ClassGuid** The device setup class guid of the driver loaded for the device.
+- **COMPID** The list of compat ids for the device.
+- **ContainerId** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
+- **Description** The device description.
+- **DeviceState** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present
- **DriverId** A unique identifier for the driver installed.
- **DriverName** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage.
@@ -2703,11 +2823,188 @@ The following fields are available:
- **UserInputTime** The amount of time the loader application spent waiting for user input.
+## OneDrive events
+
+### Microsoft.OneDrive.Sync.Setup.APIOperation
+
+This event includes basic data about install and uninstall OneDrive API operations.
+
+The following fields are available:
+
+- **APIName** The name of the API.
+- **Duration** How long the operation took.
+- **IsSuccess** Was the operation successful?
+- **ResultCode** The result code.
+- **ScenarioName** The name of the scenario.
+
+
+### Microsoft.OneDrive.Sync.Setup.EndExperience
+
+This event includes a success or failure summary of the installation.
+
+The following fields are available:
+
+- **APIName** The name of the API.
+- **HResult** The result code of the last action performed before this operation
+- **IsSuccess** Was the operation successful?
+- **ScenarioName** The name of the scenario.
+
+
+### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
+
+This event is related to the OS version when the OS is upgraded with OneDrive installed.
+
+The following fields are available:
+
+- **CurrentOneDriveVersion** The current version of OneDrive.
+- **CurrentOSBuildBranch** The current branch of the operating system.
+- **CurrentOSBuildNumber** The current build number of the operating system.
+- **CurrentOSVersion** The current version of the operating system.
+- **HResult** The HResult of the operation.
+- **SourceOSBuildBranch** The source branch of the operating system.
+- **SourceOSBuildNumber** The source build number of the operating system.
+- **SourceOSVersion** The source version of the operating system.
+
+
+### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation
+
+This event is related to registering or unregistering the OneDrive update task.
+
+The following fields are available:
+
+- **APIName** The name of the API.
+- **IsSuccess** Was the operation successful?
+- **RegisterNewTaskResult** The HResult of the RegisterNewTask operation.
+- **ScenarioName** The name of the scenario.
+- **UnregisterOldTaskResult** The HResult of the UnregisterOldTask operation.
+
+
+### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
+
+This event includes basic data about the installation state of dependent OneDrive components.
+
+The following fields are available:
+
+- **ComponentName** The name of the dependent component.
+- **isInstalled** Is the dependent component installed?
+
+
+### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus
+
+This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken
+
+The following fields are available:
+
+- **32bit** The status of the OneDrive overlay icon on a 32-bit operating system.
+- **64bit** The status of the OneDrive overlay icon on a 64-bit operating system.
+
+
+### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
+
+This event sends information describing the result of the update.
+
+The following fields are available:
+
+- **hr** The HResult of the operation.
+- **IsLoggingEnabled** Indicates whether logging is enabled for the updater.
+- **UpdaterVersion** The version of the updater.
+
+
+### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult
+
+This event determines the status when downloading the OneDrive update configuration file.
+
+The following fields are available:
+
+- **hr** The HResult of the operation.
+
+
+### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus
+
+This event determines the error code that was returned when verifying Internet connectivity.
+
+The following fields are available:
+
+- **winInetError** The HResult of the operation.
+
+
+## Other events
+
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **highestState** The highest final install state of the optional content.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
+### Microsoft.Windows.WaaSAssessment.Error
+
+This event returns the name of the missing setting needed to determine the Operating System build age.
+
+The following fields are available:
+
+- **m** The WaaS (“Workspace as a Service”—cloud-based “workspace”) Assessment Error String.
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivationError
+
+This event indicates whether the system detected an activation error in the app.
+
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivity
+
+This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
+
+
+
## Remediation events
### Microsoft.Windows.Remediation.Applicable
-This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
@@ -2716,7 +3013,6 @@ The following fields are available:
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
-- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
- **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times.
- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled.
@@ -2726,7 +3022,7 @@ The following fields are available:
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
-- **GlobalEventCounter** Client side counter that indicates ordering of events sent by the remediation system.
+- **GlobalEventCounter** Client side counter that indicates ordering of events.
- **HResult** The HRESULT for detection or perform action phases of the plugin.
- **IsAppraiserLatestResult** The HRESULT from the appraiser task.
- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected.
@@ -2789,29 +3085,9 @@ The following fields are available:
- **TimeServiceSyncType** Type of sync behavior for Date & Time service on device.
-### Microsoft.Windows.Remediation.ChangePowerProfileDetection
-
-Indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates.
-
-The following fields are available:
-
-- **ActionName** A descriptive name for the plugin action
-- **CurrentPowerPlanGUID** The ID of the current power plan configured on the device
-- **CV** Correlation vector
-- **GlobalEventCounter** Counter that indicates the ordering of events on the device
-- **PackageVersion** Current package version of remediation service
-- **RemediationBatteryPowerBatteryLevel** Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0)
-- **RemediationFUInProcess** Result that shows whether the device is currently installing a feature update
-- **RemediationFURebootRequred** Indicates that a feature update reboot required was detected so the plugin will exit.
-- **RemediationScanInProcess** Result that shows whether the device is currently scanning for updates
-- **RemediationTargetMachine** Result that shows whether this device is a candidate for remediation(s) that will fix update issues
-- **SetupMutexAvailable** Result that shows whether setup mutex is available or not
-- **SysPowerStatusAC** Result that shows whether system is on AC power or not
-
-
### Microsoft.Windows.Remediation.Completed
-This event enables completion tracking of a process that remediates issues preventing security and quality updates.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
@@ -2833,7 +3109,7 @@ The following fields are available:
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
-- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
+- **GlobalEventCounter** Client-side counter that indicates ordering of events.
- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes.
- **hasRolledBack** Indicates whether the client machine has rolled back.
- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
@@ -2911,7 +3187,7 @@ The following fields are available:
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
-- **usoScanType** The type of USO (Update Session Orchestrator) scan (Interactive or Background).
+- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
- **windowsEditionId** Event to report the value of Windows Edition ID.
- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes.
@@ -2926,30 +3202,14 @@ The following fields are available:
- **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key.
-### Microsoft.Windows.Remediation.RemediationShellMainExeEventId
-
-Enables tracking of completion of process that remediates issues preventing security and quality updates.
-
-The following fields are available:
-
-- **CV** Client side counter which indicates ordering of events sent by the remediation system.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system.
-- **PackageVersion** Current package version of Remediation.
-- **RemediationShellCanAcquireSedimentMutex** True if the remediation was able to acquire the sediment mutex. False if it is already running.
-- **RemediationShellExecuteShellResult** Indicates if the remediation system completed without errors.
-- **RemediationShellFoundDriverDll** Result whether the remediation system found its component files to run properly.
-- **RemediationShellLoadedShellDriver** Result whether the remediation system loaded its component files to run properly.
-- **RemediationShellLoadedShellFunction** Result whether the remediation system loaded the functions from its component files to run properly.
-
-
### Microsoft.Windows.Remediation.Started
-This event reports whether a plug-in started, to help ensure Windows is up to date.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
@@ -2970,6 +3230,41 @@ The following fields are available:
- **Time** The time the event was fired.
+### Microsoft.Windows.Sediment.Info.Error
+
+This event indicates an error in the updater payload. This information assists in keeping Windows up to date.
+
+
+
+### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings
+
+This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date.
+
+The following fields are available:
+
+- **CustomVer** The registry value for targeting.
+- **IsMetered** TRUE if the machine is on a metered network.
+- **LastVer** The version of the last successful run.
+- **ServiceVersionMajor** The Major version information of the component.
+- **ServiceVersionMinor** The Minor version information of the component.
+- **Time** The system time at which the event occurred.
+
+
+### Microsoft.Windows.Sediment.OSRSS.Error
+
+This event indicates an error occurred in the Operating System Remediation System Service (OSRSS). The information provided helps ensure future upgrade/update attempts are more successful.
+
+The following fields are available:
+
+- **FailureType** The type of error encountered.
+- **FileName** The code file in which the error occurred.
+- **HResult** The failure error code.
+- **LineNumber** The line number in the code file at which the error occurred.
+- **ServiceVersionMajor** The Major version information of the component.
+- **ServiceVersionMinor** The Minor version information of the component.
+- **Time** The system time at which the event occurred.
+
+
### Microsoft.Windows.Sediment.OSRSS.UrlState
This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL.
@@ -2984,15 +3279,17 @@ The following fields are available:
- **Time** System timestamp the event was fired
+## Sediment Launcher events
+
### Microsoft.Windows.SedimentLauncher.Applicable
-Indicates whether a given plugin is applicable.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
- **CV** Correlation vector.
- **DetectedCondition** Boolean true if detect condition is true and perform action will be run.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings.
- **IsSelfUpdateNeeded** True if self update needed by device.
- **PackageVersion** Current package version of Remediation.
@@ -3002,98 +3299,43 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed
-Indicates whether a given plugin has completed its work.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
The following fields are available:
- **CV** Correlation vector.
- **FailedReasons** Concatenated list of failure reasons.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
- **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher.
-### Microsoft.Windows.SedimentLauncher.Error
-
-Error occurred during execution of the plugin.
-
-The following fields are available:
-
-- **HResult** The result for the Detection or Perform Action phases of the plug-in.
-- **Message** A message containing information about the error that occurred (if any).
-- **PackageVersion** The version number of the current remediation package.
-
-
-### Microsoft.Windows.SedimentLauncher.FallbackError
-
-This event indicates that an error occurred during execution of the plug-in fallback.
-
-The following fields are available:
-
-- **s0** Error occurred during execution of the plugin fallback. See [Microsoft.Windows.SedimentLauncher.wilResult](#microsoftwindowssedimentlauncherwilresult).
-- **wilResult** Result from executing wil based function. See [wilResult](#wilresult).
-
-
-### Microsoft.Windows.SedimentLauncher.Information
-
-This event provides general information returned from the plug-in.
-
-The following fields are available:
-
-- **HResult** This is the HRESULT for detection or perform action phases of the plugin.
-- **Message** Information message returned from a plugin containing only information internal to the plugins execution.
-- **PackageVersion** Current package version of Remediation.
-
-
### Microsoft.Windows.SedimentLauncher.Started
-This event indicates that a given plug-in has started.
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date.
The following fields are available:
- **CV** Correlation vector.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
-### Microsoft.Windows.SedimentLauncher.wilResult
-
-This event provides the result from the Windows internal library.
-
-The following fields are available:
-
-- **callContext** List of telemetry activities containing this error.
-- **currentContextId** Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName** Name of the newest telemetry activity containing this error.
-- **failureCount** Number of failures seen within the binary where the error occurred.
-- **failureId** Identifier assigned to this failure.
-- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName** Source code file name where the error occurred.
-- **function** Name of the function where the error occurred.
-- **hresult** Failure error code.
-- **lineNumber** Line number within the source code file where the error occurred.
-- **message** Custom message associated with the failure (if any).
-- **module** Name of the binary where the error occurred.
-- **originatingContextId** Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName** Name of the oldest telemetry activity containing this error.
-- **threadId** Identifier of the thread the error occurred on.
-
+## Sediment Service events
### Microsoft.Windows.SedimentService.Applicable
-This event indicates whether a given plug-in is applicable.
+This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date.
The following fields are available:
- **CV** Correlation vector.
- **DetectedCondition** Determine whether action needs to run based on device properties.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **IsSelfUpdateEnabledInOneSettings** Indicates if self update is enabled in One Settings.
- **IsSelfUpdateNeeded** Indicates if self update is needed.
- **PackageVersion** Current package version of Remediation.
@@ -3103,13 +3345,13 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed
-This event indicates whether a given plug-in has completed its work.
+This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date.
The following fields are available:
- **CV** Correlation vector.
- **FailedReasons** List of reasons when the plugin action failed.
-- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **GlobalEventCounter** Client side counter which indicates ordering of events.
- **PackageVersion** Current package version of Remediation.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
@@ -3123,41 +3365,9 @@ The following fields are available:
- **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again.
-### Microsoft.Windows.SedimentService.Error
-
-This event indicates whether an error condition occurred in the plug-in.
-
-The following fields are available:
-
-- **HResult** This is the HRESULT for detection or perform action phases of the plugin.
-- **Message** Custom message associated with the failure (if any).
-- **PackageVersion** Current package version of Remediation.
-
-
-### Microsoft.Windows.SedimentService.FallbackError
-
-This event indicates whether an error occurred for a fallback in the plug-in.
-
-The following fields are available:
-
-- **s0** Event returned when an error occurs for a fallback in the plugin. See [Microsoft.Windows.SedimentService.wilResult](#microsoftwindowssedimentservicewilresult).
-- **wilResult** Result for wil based function. See [wilResult](#wilresult).
-
-
-### Microsoft.Windows.SedimentService.Information
-
-This event provides general information returned from the plug-in.
-
-The following fields are available:
-
-- **HResult** This is the HRESULT for detection or perform action phases of the plugin.
-- **Message** Custom message associated with the failure (if any).
-- **PackageVersion** Current package version of Remediation.
-
-
### Microsoft.Windows.SedimentService.Started
-This event indicates a specified plug-in has started. This information helps ensure Windows is up to date.
+This event sends simple device connectivity and configuration data about a service on the system that helps keep Windows up to date.
The following fields are available:
@@ -3168,32 +3378,33 @@ The following fields are available:
- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
-### Microsoft.Windows.SedimentService.wilResult
+## Setup events
-This event provides the result from the Windows internal library.
+### SetupPlatformTel.SetupPlatformTelActivityEvent
+
+This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
The following fields are available:
-- **callContext** List of telemetry activities containing this error.
-- **currentContextId** Identifier for the newest telemetry activity containing this error.
-- **currentContextMessage** Custom message associated with the newest telemetry activity containing this error (if any).
-- **currentContextName** Name of the newest telemetry activity containing this error.
-- **failureCount** Number of failures seen within the binary where the error occurred.
-- **failureId** Identifier assigned to this failure.
-- **failureType** Indicates what type of failure was observed (exception, returned error, logged error or fail fast).
-- **fileName** Source code file name where the error occurred.
-- **function** Name of the function where the error occurred.
-- **hresult** Failure error code.
-- **lineNumber** Line number within the source code file where the error occurred.
-- **message** Custom message associated with the failure (if any).
-- **module** Name of the binary where the error occurred.
-- **originatingContextId** Identifier for the oldest telemetry activity containing this error.
-- **originatingContextMessage** Custom message associated with the oldest telemetry activity containing this error (if any).
-- **originatingContextName** Name of the oldest telemetry activity containing this error.
-- **threadId** Identifier of the thread the error occurred on.
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStarted
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+The following fields are available:
+
+- **Name** The name of the dynamic update type. Example: GDR driver
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStopped
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
-## Setup events
### SetupPlatformTel.SetupPlatformTelEvent
@@ -3780,6 +3991,131 @@ The following fields are available:
## Update events
+### Update360Telemetry.UpdateAgent_DownloadRequest
+
+This event sends data during the download request phase of updating Windows.
+
+The following fields are available:
+
+- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted.
+- **ErrorCode** The error code returned for the current download request phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **PackageCountOptional** # of optional packages requested.
+- **PackageCountRequired** # of required packages requested.
+- **PackageCountTotal** Total # of packages needed.
+- **PackageCountTotalCanonical** Total number of canonical packages.
+- **PackageCountTotalDiff** Total number of diff packages.
+- **PackageCountTotalExpress** Total number of express packages.
+- **PackageSizeCanonical** Size of canonical packages in bytes.
+- **PackageSizeDiff** Size of diff packages in bytes.
+- **PackageSizeExpress** Size of express packages in bytes.
+- **RangeRequestState** Indicates the range request type used.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the download request phase of update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases)
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgent_FellBackToCanonical
+
+This event collects information when Express could not be used, and the update had to fall back to “canonical” during the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **PackageCount** The number of packages that fell back to “canonical”.
+- **PackageList** PackageIDs which fell back to “canonical”.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgent_Initialize
+
+This event sends data during the initialize phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current initialize phase.
+- **FlightId** Unique ID for each flight.
+- **FlightMetadata** Contains the FlightId and the build being flighted.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
+- **SessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **SessionId** Unique value for each Update Agent mode attempt .
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgent_Install
+
+This event sends data during the install phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest scan.
+- **Result** Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
+- **SessionId** Unique value for each Update Agent mode attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgent_Merge
+
+This event sends data on the merge phase when updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current reboot.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgent_ModeStart
+
+This event sends data for the start of each mode during the process of updating Windows.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **Mode** Indicates that the Update Agent mode that has started. 1 = Initialize, 2 = DownloadRequest, 3 = Install, 4 = Commit
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest scan.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
+- **SessionId** Unique value for each Update Agent mode attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgent_SetupBoxLaunch
+
+This event sends data during the launching of the setup box when updating Windows.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **Quiet** Indicates whether setup is running in quiet mode. 0 = false 1 = true
+- **RelatedCV** Correlation vector value generated from the latest scan.
+- **SandboxSize** The size of the sandbox folder on the device.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
+- **SessionId** Unique value for each Update Agent mode attempt.
+- **SetupMode** Setup mode 1 = predownload, 2 = install, 3 = finalize
+- **UpdateId** Unique ID for each update.
+
+
### Update360Telemetry.UpdateAgentCommit
This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
@@ -3975,6 +4311,24 @@ The following fields are available:
- **Version** Version of update
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **Count** The count of applicable OneSettings for the device.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **Values** The values sent back to the device, if applicable.
+
+
### Update360Telemetry.UpdateAgentPostRebootResult
This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario.
@@ -4028,7 +4382,7 @@ The following fields are available:
- **CV** Correlation vector.
- **DetectorVersion** Most recently run detector version for the current campaign.
- **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user.
-- **key1** UI interaction data
+- **key1** Interaction data for the UI
- **key10** UI interaction data
- **key11** UI interaction data
- **key12** UI interaction data
@@ -4039,9 +4393,9 @@ The following fields are available:
- **key17** UI interaction data
- **key18** UI interaction data
- **key19** UI interaction data
-- **key2** UI interaction data
+- **key2** Interaction data for the UI
- **key20** UI interaction data
-- **key21** Interaction data for the UI
+- **key21** UI interaction data
- **key22** UI interaction data
- **key23** UI interaction data
- **key24** UI interaction data
@@ -4050,12 +4404,12 @@ The following fields are available:
- **key27** UI interaction data
- **key28** UI interaction data
- **key29** UI interaction data
-- **key3** UI interaction data
+- **key3** Interaction data for the UI
- **key30** UI interaction data
-- **key4** UI interaction data
-- **key5** UI interaction data
-- **key6** UI interaction data
-- **key7** UI interaction data
+- **key4** Interaction data for the UI
+- **key5** UI interaction type
+- **key6** Current package version of UNP
+- **key7** UI interaction type
- **key8** UI interaction data
- **key9** UI interaction data
- **PackageVersion** Current package version of the update notification.
@@ -4353,6 +4707,12 @@ This event sends a summary of all the setup mitigations available for this updat
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+
+
### Setup360Telemetry.UnexpectedEvent
This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
@@ -4366,7 +4726,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@@ -4402,17 +4762,37 @@ This event provides the results from the WaaSMedic engine
The following fields are available:
- **detectionSummary** Result of each applicable detection that was run.
-- **featureAssessmentImpact** Windows as a Service (WaaS) Assessment impact on feature updates
+- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
- **hrEngineResult** Indicates the WaaSMedic engine operation error codes
-- **insufficientSessions** True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise
-- **isManaged** Indicates the device is managed for updates
-- **isWUConnected** Indicates the device is connected to Windows Update
-- **noMoreActions** All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions
-- **qualityAssessmentImpact** Windows as a Service (WaaS) Assessment impact for quality updates
+- **insufficientSessions** Device not eligible for diagnostics.
+- **isManaged** Device is managed for updates.
+- **isWUConnected** Device is connected to Windows Update.
+- **noMoreActions** No more applicable diagnostics.
+- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
-- **usingBackupFeatureAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client
-- **usingBackupQualityAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client
-- **versionString** Installed version of the WaaSMedic engine
+- **usingBackupFeatureAssessment** Relying on backup feature assessment.
+- **usingBackupQualityAssessment** Relying on backup quality assessment.
+- **versionString** Version of the WaaSMedic engine.
+
+
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
## Windows Store events
@@ -4798,144 +5178,6 @@ The following fields are available:
## Windows Update Delivery Optimization events
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
-
-This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads.
-
-The following fields are available:
-
-- **background** Is the download being done in the background?
-- **bytesFromCacheServer** Bytes received from a cache host.
-- **bytesFromCDN** The number of bytes received from a CDN source.
-- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
-- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
-- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
-- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
-- **callerName** Name of the API caller.
-- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
-- **clientTelId** A random number used for device sampling.
-- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
-- **doErrorCode** The Delivery Optimization error code that was returned.
-- **errorCode** The error code that was returned.
-- **experimentId** When running a test, this is used to correlate events that are part of the same test.
-- **fileID** The ID of the file being downloaded.
-- **gCurMemoryStreamBytes** Current usage for memory streaming.
-- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
-- **isVpn** Is the device connected to a Virtual Private Network?
-- **jobID** Identifier for the Windows Update job.
-- **reasonCode** Reason the action or event occurred.
-- **scenarioID** The ID of the scenario.
-- **sessionID** The ID of the file download session.
-- **updateID** The ID of the update being downloaded.
-- **usedMemoryStream** Did the download use memory streaming?
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
-
-This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads.
-
-The following fields are available:
-
-- **background** Is the download a background download?
-- **bytesFromCacheServer** Bytes received from a cache host.
-- **bytesFromCDN** The number of bytes received from a CDN source.
-- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
-- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
-- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
-- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
-- **bytesRequested** The total number of bytes requested for download.
-- **cacheServerConnectionCount** Number of connections made to cache hosts.
-- **callerName** Name of the API caller.
-- **cdnConnectionCount** The total number of connections made to the CDN.
-- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp** The IP address of the source CDN.
-- **clientTelId** A random number used for device sampling.
-- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
-- **doErrorCode** The Delivery Optimization error code that was returned.
-- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
-- **downlinkUsageBps** The download speed (in bytes per second).
-- **downloadMode** The download mode used for this file download session.
-- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID** The ID of the file being downloaded.
-- **fileSize** The size of the file being downloaded.
-- **gCurMemoryStreamBytes** Current usage for memory streaming.
-- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
-- **groupConnectionCount** The total number of connections made to peers in the same group.
-- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
-- **isVpn** Is the device connected to a Virtual Private Network?
-- **jobID** Identifier for the Windows Update job.
-- **lanConnectionCount** The total number of connections made to peers in the same LAN.
-- **numPeers** The total number of peers used for this download.
-- **restrictedUpload** Is the upload restricted?
-- **scenarioID** The ID of the scenario.
-- **sessionID** The ID of the download session.
-- **totalTimeMs** Duration of the download (in seconds).
-- **updateID** The ID of the update being downloaded.
-- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
-- **uplinkUsageBps** The upload speed (in bytes per second).
-- **usedMemoryStream** Did the download use memory streaming?
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
-
-This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads.
-
-The following fields are available:
-
-- **background** Is the download a background download?
-- **callerName** The name of the API caller.
-- **clientTelId** A random number used for device sampling.
-- **errorCode** The error code that was returned.
-- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID** The ID of the file being paused.
-- **isVpn** Is the device connected to a Virtual Private Network?
-- **jobID** Identifier for the Windows Update job.
-- **reasonCode** The reason for pausing the download.
-- **scenarioID** The ID of the scenario.
-- **sessionID** The ID of the download session.
-- **updateID** The ID of the update being paused.
-
-
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
-
-This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads.
-
-The following fields are available:
-
-- **background** Indicates whether the download is happening in the background.
-- **bytesRequested** Number of bytes requested for the download.
-- **callerName** Name of the API caller.
-- **cdnUrl** The URL of the source CDN.
-- **clientTelId** Random number used for device selection
-- **costFlags** A set of flags representing network cost.
-- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM).
-- **diceRoll** Random number used for determining if a client will use peering.
-- **doClientVersion** The version of the Delivery Optimization client.
-- **doErrorCode** The Delivery Optimization error code that was returned.
-- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
-- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
-- **errorCode** The error code that was returned.
-- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing.
-- **fileID** The ID of the file being downloaded.
-- **filePath** The path to where the downloaded file will be written.
-- **fileSize** Total file size of the file that was downloaded.
-- **fileSizeCaller** Value for total file size provided by our caller.
-- **groupID** ID for the group.
-- **isVpn** Indicates whether the device is connected to a Virtual Private Network.
-- **jobID** The ID of the Windows Update job.
-- **minDiskSizeGB** The minimum disk size (in GB) policy set for the device to allow peering with delivery optimization.
-- **minDiskSizePolicyEnforced** Indicates whether there is an enforced minimum disk size requirement for peering.
-- **minFileSizePolicy** The minimum content file size policy to allow the download using peering with delivery optimization.
-- **peerID** The ID for this delivery optimization client.
-- **scenarioID** The ID of the scenario.
-- **sessionID** The ID for the file download session.
-- **updateID** The ID of the update being downloaded.
-- **usedMemoryStream** Indicates whether the download used memory streaming.
-
-
### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads.
@@ -4959,20 +5201,6 @@ The following fields are available:
- **sessionID** The ID of the download session.
-### Microsoft.OSG.DU.DeliveryOptClient.JobError
-
-This event represents a Windows Update job error. It allows for investigation of top errors.
-
-The following fields are available:
-
-- **clientTelId** A random number used for device sampling.
-- **doErrorCode** Error code returned for delivery optimization.
-- **errorCode** The error code returned.
-- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
-- **fileID** The ID of the file being downloaded.
-- **jobID** The Windows Update job ID.
-
-
## Windows Update events
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit
@@ -5067,6 +5295,24 @@ The following fields are available:
- **updateId** Unique ID for each Update.
+### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
+
+This event indicates that a notification dialog box is about to be displayed to user.
+
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
+
+This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed.
+
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
+
+This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed.
+
+
+
### Microsoft.Windows.Update.NotificationUx.RebootScheduled
Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update.
@@ -5085,6 +5331,18 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
+
+This event indicates a policy is present that may restrict update activity to outside of active hours.
+
+
+
+### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours
+
+This event indicates that update activity was blocked because it is within the active hours window.
+
+
+
### Microsoft.Windows.Update.Orchestrator.CommitFailed
This event indicates that a device was unable to restart after an update.
@@ -5114,16 +5372,16 @@ This event indicates that a scan for a Windows Update occurred.
The following fields are available:
- **deferReason** Reason why the device could not check for updates.
-- **detectionBlockreason** Reason for detection not completing.
+- **detectionBlockreason** Reason for blocking detection
- **detectionRetryMode** Indicates whether we will try to scan again.
-- **errorCode** The returned error code.
-- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **errorCode** Error value
+- **eventScenario** End to end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
- **flightID** The specific ID of the Windows Insider build the device is getting.
- **interactive** Indicates whether the session was user initiated.
- **revisionNumber** Update revision number.
- **updateId** Update ID.
-- **updateScenarioType** Update Session type
-- **wuDeviceid** Device ID
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
@@ -5142,6 +5400,23 @@ The following fields are available:
- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+### Microsoft.Windows.Update.Orchestrator.Download
+
+This event sends launch data for a Windows Update download to help keep Windows up to date.
+
+The following fields are available:
+
+- **deferReason** Reason for download not completing.
+- **errorCode** An error code represented as a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the session is user initiated.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
This event indicates that the update is no longer applicable to this device.
@@ -5169,6 +5444,48 @@ The following fields are available:
- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
+
+This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows up to date.
+
+The following fields are available:
+
+- **EventPublishedTime** Time of the event.
+- **flightID** Unique update ID
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Install
+
+This event sends launch data for a Windows Update install to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **errorCode** The error code reppresented by a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **flightUpdate** Indicates whether the update is a Windows Insider build.
+- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates.
+- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress.
+- **installRebootinitiatetime** The time it took for a reboot to be attempted.
+- **interactive** Identifies if session is user initiated.
+- **minutesToCommit** The time it took to install updates.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.LowUptimes
This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure.
@@ -5182,6 +5499,18 @@ The following fields are available:
- **wuDeviceid** Unique device ID for Windows Update.
+### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
+
+This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date.
+
+The following fields are available:
+
+- **externalOneshotupdate** The last time a task-triggered scan was completed.
+- **interactiveOneshotupdate** The last time an interactive scan was completed.
+- **oldlastscanOneshotupdate** The last time a scan completed successfully.
+- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID).
+
+
### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
This event is generated before the shutdown and commit operations.
@@ -5191,6 +5520,166 @@ The following fields are available:
- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+### Microsoft.Windows.Update.Orchestrator.RebootFailed
+
+This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **EventPublishedTime** The time that the reboot failure occurred.
+- **flightID** Unique update ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours.
+- **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RefreshSettings
+
+This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** Hex code for the error message, to allow lookup of the specific error.
+- **settingsDownloadTime** Timestamp of the last attempt to acquire settings.
+- **settingsETag** Version identifier for the settings.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
+
+This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date.
+
+The following fields are available:
+
+- **RebootTaskRestoredTime** Time at which this reboot task was restored.
+- **wuDeviceid** Device ID for the device on which the reboot is restored.
+
+
+### Microsoft.Windows.Update.Orchestrator.SystemNeeded
+
+This event sends data about why a device is unable to reboot, to help keep Windows up to date.
+
+The following fields are available:
+
+- **eventScenario** End-to-end update session ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **systemNeededReason** List of apps or tasks that are preventing the system from restarting.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
+
+This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **configuredPoliciescount** Number of policies on the device.
+- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight).
+- **policyCacherefreshtime** Time when policy cache was refreshed.
+- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
+
+This event sends information about an update that encountered problems and was not able to complete.
+
+The following fields are available:
+
+- **errorCode** The error code encountered.
+- **wuDeviceid** The ID of the device in which the error occurred.
+
+
+### Microsoft.Windows.Update.Orchestrator.USODiagnostics
+
+This event sends data on whether the state of the update attempt, to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** result showing success or failure of current update
+- **LastApplicableUpdateFoundTime** The time when the last applicable update was found.
+- **LastDownloadDeferredReason** The last reason download was deferred.
+- **LastDownloadDeferredTime** The time of the download deferral.
+- **LastDownloadFailureError** The last download failure.
+- **LastDownloadFailureTime** The time of the last download failure.
+- **LastInstallCompletedTime** The time when the last successful install completed.
+- **LastInstallDeferredReason** The reason the last install was deferred.
+- **LastInstallDeferredTime** The time when the last install was deferred.
+- **LastInstallFailureError** The error code associated with the last install failure.
+- **LastInstallFailureTime** The time when the last install failed to complete.
+- **LastRebootDeferredReason** The reason the last reboot was deferred.
+- **LastRebootDeferredTime** The time when the last reboot was deferred.
+- **LastRebootPendingTime** The time when the last reboot state was set to “Pending”.
+- **LastScanDeferredReason** The reason the last scan was deferred.
+- **LastScanDeferredTime** The time when the last scan was deferred.
+- **LastScanFailureError** The error code for the last scan failure.
+- **LastScanFailureTime** The time when the last scan failed.
+- **LastUpdateCheckTime** The time of the last update check.
+- **LastUpdateDownloadTime** The time when the last update was downloaded.
+- **LastUpgradeInstallFailureError** The error code for the last upgrade install failure.
+- **LastUpgradeInstallFailureTime** The time of the last upgrade install failure.
+- **LowUpTimeDetectTime** The last time “low up-time” was detected.
+- **NoLowUpTimeDetectTime** The last time no “low up-time” was detected.
+- **RebootRequired** Indicates reboot is required.
+- **revisionNumber** Unique revision number of the Update
+- **updateId** Unique ID for Update
+- **updateState** Progress within an update state
+- **UpgradeInProgressTime** The amount of time a feature update has been in progress.
+- **WaaSFeatureAssessmentDays** The number of days Feature Update Assessment has been out of date.
+- **WaaSFeatureAssessmentImpact** The impact of the Feature Update Assessment.
+- **WaaSUpToDateAssessmentDays** The number of days Quality Update Assessment has been out of date.
+- **WaaSUpToDateAssessmentImpact** The impact of Quality Update Assessment.
+- **wuDeviceid** Unique ID for Device
+
+
+### Microsoft.Windows.Update.Orchestrator.UsoSession
+
+This event represents the state of the USO service at start and completion.
+
+The following fields are available:
+
+- **activeSessionid** A unique session GUID.
+- **eventScenario** The state of the update action.
+- **interactive** Is the USO session interactive?
+- **lastErrorcode** The last error that was encountered.
+- **lastErrorstate** The state of the update when the last error was encountered.
+- **sessionType** A GUID that refers to the update session type.
+- **updateScenarioType** A descriptive update session type.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
+
+This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
+- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed.
+- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs.
+- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode.
+- **ETag** The Entity Tag that represents the OneSettings version.
+- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device.
+- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device.
+- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending.
+- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode.
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+
+
### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
This event is sent when a security update has successfully completed.
@@ -5209,6 +5698,25 @@ The following fields are available:
- **Reason** The reason sent which will cause the reboot to defer.
+### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
+
+This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **activeHoursApplicable** Indicates whether Active Hours applies on this device.
+- **forcedReboot** True, if a reboot is forced on the device. Otherwise, this is False
+- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
+- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise.
+- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
+- **rebootState** Current state of the reboot.
+- **revisionNumber** Revision number of the update that is getting installed with this reboot.
+- **scheduledRebootTime** Time scheduled for the reboot.
+- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC.
+- **updateId** Identifies which update is being scheduled.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot
This event is fired the first time when the reboot is required.
@@ -5227,7 +5735,7 @@ The following fields are available:
### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
-This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up-to-date
+This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up to date.
The following fields are available:
@@ -5244,6 +5752,32 @@ The following fields are available:
- **wuDeviceid** The Windows Update device GUID.
+## Windows Update mitigation events
+
+### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
+
+This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates.
+
+The following fields are available:
+
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightId** Unique identifier for each flight.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **MountedImageCount** Number of mounted images.
+- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT.
+- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed.
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed.
+- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each Update.
+- **WuId** Unique ID for the Windows Update client.
+
+
## Winlogon events
### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index 9af3127db4..1a5a1aa9c7 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
-ms.date: 09/10/2018
+ms.date: 11/07/2018
---
@@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@@ -35,6 +36,8 @@ You can learn more about Windows functional and diagnostic data through these ar
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
+
+
## Appraiser events
### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@@ -75,7 +78,7 @@ The following fields are available:
- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device.
- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers.
- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
-- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
+- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine.
- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
- **InventorySystemBios** The count of the number of this particular object type present on this device.
- **InventoryTest** The count of the number of this particular object type present on this device.
@@ -369,7 +372,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates that the DecisionApplicationFile object is no longer present.
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -575,6 +578,17 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
@@ -701,7 +715,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -822,6 +836,31 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
+
+This event is only runs during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. Is critical to understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BootCritical** Is the driver package marked as boot critical?
+- **Build** The build value from the driver package.
+- **CatalogFile** The name of the catalog file within the driver package.
+- **Class** The device class from the driver package.
+- **ClassGuid** The device class unique ID from the driver package.
+- **Date** The date from the driver package.
+- **Inbox** Is the driver package of a driver that is included with Windows?
+- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
+- **Provider** The provider of the driver package.
+- **PublishedName** The name of the INF file after it was renamed.
+- **Revision** The revision of the driver package.
+- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
+- **VersionMajor** The major version of the driver package.
+- **VersionMinor** The minor version of the driver package.
+
+
### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
This event indicates that the InventoryUplevelDriverPackage object is no longer present.
@@ -1179,6 +1218,23 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+### Microsoft.Windows.Appraiser.General.SystemWlanAdd
+
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked because of an emulated WLAN driver?
+- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block?
+- **WlanEmulatedDriver** Does the device have an emulated WLAN driver?
+- **WlanExists** Does the device support WLAN at all?
+- **WlanModulePresent** Are any WLAN modules present?
+- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
+
+
### Microsoft.Windows.Appraiser.General.SystemWlanRemove
This event indicates that the SystemWlan object is no longer present.
@@ -1292,7 +1348,7 @@ The following fields are available:
- **AppraiserTaskExitCode** The Appraiser task exist code.
- **AppraiserTaskLastRun** The last runtime for the Appraiser task.
- **CensusVersion** The version of Census that generated the current data for this device.
-- **IEVersion** Retrieves which version of Internet Explorer is running on this device.
+- **IEVersion** IE version running on the device.
### Census.Battery
@@ -2594,6 +2650,91 @@ The following fields are available:
- **CV** Correlation vector.
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **BrightnessVersionViaDDI** The version of the Display Brightness Interface.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
+- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
+- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
+- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **InterfaceId** The GPU interface ID.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store.
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+## Fault Reporting events
+
+### Microsoft.Windows.FaultReporting.AppCrashEvent
+
+This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
+
+The following fields are available:
+
+- **AppName** The name of the app that has crashed.
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **AppTimeStamp** The date/time stamp of the app.
+- **AppVersion** The version of the app that has crashed.
+- **ExceptionCode** The exception code returned by the process that has crashed.
+- **ExceptionOffset** The address where the exception had occurred.
+- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
+- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
+- **IsCrashFatal** (Deprecated) True/False to indicate whether the crash resulted in process termination.
+- **IsFatal** True/False to indicate whether the crash resulted in process termination.
+- **ModName** Exception module name (e.g. bar.dll).
+- **ModTimeStamp** The date/time stamp of the module.
+- **ModVersion** The version of the module that has crashed.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has crashed.
+- **ProcessId** The ID of the process that has crashed.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported
+- **TargetAsId** The sequence number for the hanging process.
+
+
## Feature update events
### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
@@ -2618,6 +2759,34 @@ This event sends basic metadata about the starting point of uninstalling a featu
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
+
+
## Inventory events
### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
@@ -2693,6 +2862,18 @@ The following fields are available:
- **Version** The version number of the program.
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
+
+This event represents what drivers an application installs.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component.
+- **ProgramIds** The unique program identifier the driver is associated with.
+
+
### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
This event provides the basic metadata about the frameworks an application may depend on.
@@ -2839,6 +3020,17 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
+
+This event indicates that the InventoryDeviceMediaClassRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent.
@@ -2873,7 +3065,7 @@ The following fields are available:
- **Enumerator** The date of the driver loaded for the device.
- **HWID** The version of the driver loaded for the device.
- **Inf** The bus that enumerated the device.
-- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx
+- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
- **InventoryVersion** List of hardware ids for the device.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device
- **LowerFilters** Lower filter drivers IDs installed for the device
@@ -3438,6 +3630,557 @@ The following fields are available:
- **UptimeDeltaMS** Total time (in milliseconds) added to Uptime since the last event
+## OneDrive events
+
+### Microsoft.OneDrive.Sync.Setup.APIOperation
+
+This event includes basic data about install and uninstall OneDrive API operations.
+
+The following fields are available:
+
+- **APIName** The name of the API.
+- **Duration** How long the operation took.
+- **IsSuccess** Was the operation successful?
+- **ResultCode** The result code.
+- **ScenarioName** The name of the scenario.
+
+
+### Microsoft.OneDrive.Sync.Setup.EndExperience
+
+This event includes a success or failure summary of the installation.
+
+The following fields are available:
+
+- **APIName** The name of the API.
+- **HResult** HResult of the operation
+- **IsSuccess** Whether the operation is successful or not
+- **ScenarioName** The name of the scenario.
+
+
+### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation
+
+This event is related to the OS version when the OS is upgraded with OneDrive installed.
+
+The following fields are available:
+
+- **CurrentOneDriveVersion** The current version of OneDrive.
+- **CurrentOSBuildBranch** The current branch of the operating system.
+- **CurrentOSBuildNumber** The current build number of the operating system.
+- **CurrentOSVersion** The current version of the operating system.
+- **HResult** The HResult of the operation.
+- **SourceOSBuildBranch** The source branch of the operating system.
+- **SourceOSBuildNumber** The source build number of the operating system.
+- **SourceOSVersion** The source version of the operating system.
+
+
+### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation
+
+This event is related to registering or unregistering the OneDrive update task.
+
+The following fields are available:
+
+- **APIName** The name of the API.
+- **IsSuccess** Was the operation successful?
+- **RegisterNewTaskResult** The HResult of the RegisterNewTask operation.
+- **ScenarioName** The name of the scenario.
+- **UnregisterOldTaskResult** The HResult of the UnregisterOldTask operation.
+
+
+### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
+
+This event includes basic data about the installation state of dependent OneDrive components.
+
+The following fields are available:
+
+- **ComponentName** The name of the dependent component.
+- **isInstalled** Is the dependent component installed?
+
+
+### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus
+
+This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken
+
+The following fields are available:
+
+- **32bit** The status of the OneDrive overlay icon on a 32-bit operating system.
+- **64bit** The status of the OneDrive overlay icon on a 64-bit operating system.
+
+
+### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
+
+This event sends information describing the result of the update.
+
+The following fields are available:
+
+- **hr** The HResult of the operation.
+- **IsLoggingEnabled** Indicates whether logging is enabled for the updater.
+- **UpdaterVersion** The version of the updater.
+
+
+### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult
+
+This event determines the status when downloading the OneDrive update configuration file.
+
+The following fields are available:
+
+- **hr** The HResult of the operation.
+
+
+### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus
+
+This event determines the error code that was returned when verifying Internet connectivity.
+
+The following fields are available:
+
+- **winInetError** The HResult of the operation.
+
+
+## Other events
+
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **currentID** The ID of the current install session.
+- **highestState** The highest final install state of the optional content.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **retryID** The session ID that will be used to retry a failed operation.
+- **retryStatus** Indicates whether the install will be retried in the event of failure.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
+### CbsServicingProvider.CbsPackageRemoval
+
+This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build number of the security update being uninstalled.
+- **clientId** The name of the application requesting the uninstall.
+- **currentStateEnd** The final state of the update after the operation.
+- **failureDetails** Information about the cause of a failure, if applicable.
+- **failureSourceEnd** The stage during the uninstall where the failure occurred.
+- **hrStatusEnd** The overall exit code of the operation.
+- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image.
+- **majorVersion** The major version number of the security update being uninstalled.
+- **minorVersion** The minor version number of the security update being uninstalled.
+- **originalState** The starting state of the update before the operation.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+- **primitiveExecutionContext** The state during system startup when the uninstall was completed.
+- **revisionVersion** The revision number of the security update being uninstalled.
+- **transactionCanceled** Indicates whether the uninstall was cancelled.
+
+
+### Microsoft.Windows.Remediation.Applicable
+
+This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.
+
+The following fields are available:
+
+- **ActionName** The name of the action to be taken by the plug-in.
+- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid.
+- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
+- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
+- **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
+- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
+- **CV** Correlation vector
+- **DateTimeDifference** The difference between local and reference clock times.
+- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled.
+- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
+- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
+- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run.
+- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
+- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
+- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
+- **GlobalEventCounter** Client side counter that indicates ordering of events sent by the remediation system.
+- **HResult** The HRESULT for detection or perform action phases of the plugin.
+- **IsAppraiserLatestResult** The HRESULT from the appraiser task.
+- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected.
+- **LastHresult** The HRESULT for detection or perform action phases of the plugin.
+- **LastRun** The date of the most recent SIH run.
+- **NextRun** Date of the next scheduled SIH run.
+- **PackageVersion** The version of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Reload** True if SIH reload is required.
+- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine.
+- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
+- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
+- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
+- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran.
+- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
+- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
+- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
+- **RemediationNoisyHammerMeteredNetwork** TRUE if the machine is on a metered network.
+- **RemediationNoisyHammerTaskEnabled** Indicates whether the Update Assistant Task (Noisy Hammer) is enabled.
+- **RemediationNoisyHammerTaskExists** Indicates whether the Update Assistant Task (Noisy Hammer) exists.
+- **RemediationNoisyHammerTaskTriggerEnabledCount** Indicates whether counting is enabled for the Update Assistant (Noisy Hammer) task trigger.
+- **RemediationNoisyHammerUAExitCode** The exit code of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUAExitState** The code for the exit state of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUserLoggedIn** TRUE if there is a user logged in.
+- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
+- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
+- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
+- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
+- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
+- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
+- **RemediationTaskHealthChkdskProactiveScan** True/False based on the health of the Check Disk task.
+- **RemediationTaskHealthDiskCleanup_SilentCleanup** True/False based on the health of the Disk Cleanup task.
+- **RemediationTaskHealthMaintenance_WinSAT** True/False based on the health of the Health Maintenance task.
+- **RemediationTaskHealthServicing_ComponentCleanupTask** True/False based on the health of the Health Servicing Component task.
+- **RemediationTaskHealthUSO_ScheduleScanTask** True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
+- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask** True/False based on the health of the Windows Update Scheduled Start task.
+- **RemediationTaskHealthWindowsUpdate_SihbootTask** True/False based on the health of the Sihboot task.
+- **RemediationUHServiceBitsServiceEnabled** Indicates whether BITS service is enabled.
+- **RemediationUHServiceDeviceInstallEnabled** Indicates whether Device Install service is enabled.
+- **RemediationUHServiceDoSvcServiceEnabled** Indicates whether DO service is enabled.
+- **RemediationUHServiceDsmsvcEnabled** Indicates whether DSMSVC service is enabled.
+- **RemediationUHServiceLicensemanagerEnabled** Indicates whether License Manager service is enabled.
+- **RemediationUHServiceMpssvcEnabled** Indicates whether MPSSVC service is enabled.
+- **RemediationUHServiceTokenBrokerEnabled** Indicates whether Token Broker service is enabled.
+- **RemediationUHServiceTrustedInstallerServiceEnabled** Indicates whether Trusted Installer service is enabled.
+- **RemediationUHServiceUsoServiceEnabled** Indicates whether USO (Update Session Orchestrator) service is enabled.
+- **RemediationUHServicew32timeServiceEnabled** Indicates whether W32 Time service is enabled.
+- **RemediationUHServiceWecsvcEnabled** Indicates whether WECSVC service is enabled.
+- **RemediationUHServiceWinmgmtEnabled** Indicates whether WMI service is enabled.
+- **RemediationUHServiceWpnServiceEnabled** Indicates whether WPN service is enabled.
+- **RemediationUHServiceWuauservServiceEnabled** Indicates whether WUAUSERV service is enabled.
+- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
+- **RunAppraiserFailed** Indicates RunAppraiser failed to run correctly.
+- **RunTask** TRUE if SIH task should be run by the plug-in.
+- **TimeServiceNTPServer** The URL for the NTP time server used by device.
+- **TimeServiceStartType** The startup type for the NTP time service.
+- **TimeServiceSyncDomainJoined** True if device domain joined and hence uses DC for clock.
+- **TimeServiceSyncType** Type of sync behavior for Date & Time service on device.
+
+
+### Microsoft.Windows.Remediation.ChangePowerProfileDetection
+
+Indicates whether the remediation system can put in a request to defer a system-initiated sleep to enable installation of security or quality updates.
+
+The following fields are available:
+
+- **ActionName** A descriptive name for the plugin action
+- **CurrentPowerPlanGUID** The ID of the current power plan configured on the device
+- **CV** Correlation vector
+- **GlobalEventCounter** Counter that indicates the ordering of events on the device
+- **PackageVersion** Current package version of remediation service
+- **RemediationBatteryPowerBatteryLevel** Integer between 0 and 100 indicating % battery power remaining (if not on battery, expect 0)
+- **RemediationFUInProcess** Result that shows whether the device is currently installing a feature update
+- **RemediationFURebootRequred** Indicates that a feature update reboot required was detected so the plugin will exit.
+- **RemediationScanInProcess** Result that shows whether the device is currently scanning for updates
+- **RemediationTargetMachine** Result that shows whether this device is a candidate for remediation(s) that will fix update issues
+- **SetupMutexAvailable** Result that shows whether setup mutex is available or not
+- **SysPowerStatusAC** Result that shows whether system is on AC power or not
+
+
+### Microsoft.Windows.Remediation.Completed
+
+This event enables completion tracking of a process that remediates issues preventing security and quality updates.
+
+The following fields are available:
+
+- **ActionName** Name of the action to be completed by the plug-in.
+- **AppraiserTaskCreationFailed** TRUE if the appraiser task creation failed to complete successfully.
+- **AppraiserTaskDeleteFailed** TRUE if deletion of appraiser task failed to complete successfully.
+- **AppraiserTaskExistFailed** TRUE if detection of the appraiser task failed to complete successfully.
+- **AppraiserTaskLoadXmlFailed** TRUE if the Appraiser XML Loader failed to complete successfully.
+- **AppraiserTaskMissing** TRUE if the Appraiser task is missing.
+- **AppraiserTaskTimeTriggerUpdateFailedId** TRUE if the Appraiser Task Time Trigger failed to update successfully.
+- **AppraiserTaskValidateTaskXmlFailed** TRUE if the Appraiser Task XML failed to complete successfully.
+- **branchReadinessLevel** Branch readiness level policy.
+- **cloudControlState** Value indicating whether the shell is enabled on the cloud control settings.
+- **CrossedDiskSpaceThreshold** Indicates if cleanup resulted in hard drive usage threshold required for feature update to be exceeded.
+- **CV** The Correlation Vector.
+- **DateTimeDifference** The difference between the local and reference clocks.
+- **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
+- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes.
+- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
+- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
+- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
+- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes.
+- **hasRolledBack** Indicates whether the client machine has rolled back.
+- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
+- **hResult** The result of the event execution.
+- **HResult** The result of the event execution.
+- **installDate** The value of installDate registry key. Indicates the install date.
+- **isNetworkMetered** Indicates whether the client machine has uninstalled a later version of the OS.
+- **LatestState** The final state of the plug-in component.
+- **MicrosoftCompatibilityAppraiser** The name of the component targeted by the Appraiser plug-in.
+- **PackageVersion** The package version for the current Remediation.
+- **PageFileCount** The number of Windows Page files.
+- **PageFileCurrentSize** The size of the Windows Page file, measured in Megabytes.
+- **PageFileLocation** The storage location (directory path) of the Windows Page file.
+- **PageFilePeakSize** The maximum amount of hard disk space used by the Windows Page file, measured in Megabytes.
+- **PluginName** The name of the plug-in specified for each generic plug-in event.
+- **RanCleanup** TRUE if the plug-in ran disk cleanup.
+- **RemediationBatteryPowerBatteryLevel** Indicates the battery level at which it is acceptable to continue operation.
+- **RemediationBatteryPowerExitDueToLowBattery** True when we exit due to low battery power.
+- **RemediationBatteryPowerOnBattery** True if we allow execution on battery.
+- **RemediationConfigurationTroubleshooterExecuted** True/False based on whether the Remediation Configuration Troubleshooter executed successfully.
+- **RemediationConfigurationTroubleshooterIpconfigFix** TRUE if IPConfig Fix completed successfully.
+- **RemediationConfigurationTroubleshooterNetShFix** TRUE if network card cache reset ran successfully.
+- **RemediationDiskCleanSizeBtWindowsFolderInMegabytes** The size of the Windows BT folder (used to store Windows upgrade files), measured in Megabytes.
+- **RemediationDiskCleanupBTFolderEsdSizeInMB** The size of the Windows BT folder (used to store Windows upgrade files) ESD (Electronic Software Delivery), measured in Megabytes.
+- **RemediationDiskCleanupGetCurrentEsdSizeInMB** The size of any existing ESD (Electronic Software Delivery) folder, measured in Megabytes.
+- **RemediationDiskCleanupSearchFileSizeInMegabytes** The size of the Cleanup Search index file, measured in Megabytes.
+- **RemediationDiskCleanupUpdateAssistantSizeInMB** The size of the Update Assistant folder, measured in Megabytes.
+- **RemediationDoorstopChangeSucceeded** TRUE if Doorstop registry key was successfully modified.
+- **RemediationDoorstopExists** TRUE if there is a One Settings Doorstop value.
+- **RemediationDoorstopRegkeyError** TRUE if an error occurred accessing the Doorstop registry key.
+- **RemediationDRFKeyDeleteSucceeded** TRUE if the RecoveredFrom (Doorstop) registry key was successfully deleted.
+- **RemediationDUABuildNumber** The build number of the DUA.
+- **RemediationDUAKeyDeleteSucceeded** TRUE if the UninstallActive registry key was successfully deleted.
+- **RemediationDuplicateTokenSucceeded** TRUE if the user token was successfully duplicated.
+- **remediationExecution** Remediation shell is in "applying remediation" state.
+- **RemediationHibernationMigrated** TRUE if hibernation was migrated.
+- **RemediationHibernationMigrationSucceeded** TRUE if hibernation migration succeeded.
+- **RemediationImpersonateUserSucceeded** TRUE if the user was successfully impersonated.
+- **RemediationNoisyHammerTaskKickOffIsSuccess** TRUE if the NoisyHammer task started successfully.
+- **RemediationQueryTokenSucceeded** TRUE if the user token was successfully queried.
+- **RemediationRanHibernation** TRUE if the system entered Hibernation.
+- **RemediationRevertToSystemSucceeded** TRUE if reversion to the system context succeeded.
+- **RemediationShellHasUpgraded** TRUE if the device upgraded.
+- **RemediationShellMinimumTimeBetweenShellRuns** Indicates the time between shell runs exceeded the minimum required to execute plugins.
+- **RemediationShellRunFromService** TRUE if the shell driver was run from the service.
+- **RemediationShellSessionIdentifier** Unique identifier tracking a shell session.
+- **RemediationShellSessionTimeInSeconds** Indicates the time the shell session took in seconds.
+- **RemediationShellTaskDeleted** Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation.
+- **RemediationUpdateServiceHealthRemediationResult** The result of the Update Service Health plug-in.
+- **RemediationUpdateTaskHealthRemediationResult** The result of the Update Task Health plug-in.
+- **RemediationUpdateTaskHealthTaskList** A list of tasks fixed by the Update Task Health plug-in.
+- **RemediationWindowsLogSpaceFound** The size of the Windows log files found, measured in Megabytes.
+- **RemediationWindowsLogSpaceFreed** The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
+- **RemediationWindowsSecondaryDriveFreeSpace** The amount of free space on the secondary drive, measured in Megabytes.
+- **RemediationWindowsSecondaryDriveLetter** The letter designation of the first secondary drive with a total capacity of 10GB or more.
+- **RemediationWindowsSecondaryDriveTotalSpace** The total storage capacity of the secondary drive, measured in Megabytes.
+- **RemediationWindowsTotalSystemDiskSize** The total storage capacity of the System Disk Drive, measured in Megabytes.
+- **Result** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **ServiceHealthPlugin** The nae of the Service Health plug-in.
+- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully.
+- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs.
+- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
+- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes.
+- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Windows Store cache after cleanup, measured in Megabytes.
+- **TotalSizeofStoreCacheBeforeCleanupInMegabytes** The size of the Windows Store cache (prior to cleanup), measured in Megabytes.
+- **uninstallActive** TRUE if previous uninstall has occurred for current OS
+- **usoScanDaysSinceLastScan** The number of days since the last USO (Update Session Orchestrator) scan.
+- **usoScanInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsAllowAutoUpdateKeyPresent** TRUE if the AllowAutoUpdate registry key is set.
+- **usoScanIsAllowAutoUpdateProviderSetKeyPresent** TRUE if AllowAutoUpdateProviderSet registry key is set.
+- **usoScanIsAuOptionsPresent** TRUE if Auto Update Options registry key is set.
+- **usoScanIsFeatureUpdateInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
+- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
+- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
+- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
+- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
+- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
+- **windowsEditionId** Event to report the value of Windows Edition ID.
+- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes.
+- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes.
+- **WindowsOldFolderSizeInMegabytes** The size of the Windows.OLD folder, measured in Megabytes.
+- **WindowsOldSpaceCleanedInMB** The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
+- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, measured in Megabytes.
+- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the SoftwareDistribution folder, measured in Megabytes.
+- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, measured in Megabytes.
+- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, measured in Megabytes.
+- **WindowsSxsTempFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes.
+- **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key.
+
+
+### Microsoft.Windows.Remediation.RemediationShellMainExeEventId
+
+Enables tracking of completion of process that remediates issues preventing security and quality updates.
+
+The following fields are available:
+
+- **CV** Client side counter which indicates ordering of events sent by the remediation system.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by the remediation system.
+- **PackageVersion** Current package version of Remediation.
+- **RemediationShellCanAcquireSedimentMutex** True if the remediation was able to acquire the sediment mutex. False if it is already running.
+- **RemediationShellExecuteShellResult** Indicates if the remediation system completed without errors.
+- **RemediationShellFoundDriverDll** Result whether the remediation system found its component files to run properly.
+- **RemediationShellLoadedShellDriver** Result whether the remediation system loaded its component files to run properly.
+- **RemediationShellLoadedShellFunction** Result whether the remediation system loaded the functions from its component files to run properly.
+
+
+### Microsoft.Windows.Remediation.Started
+
+This event reports whether a plug-in started, to help ensure Windows is up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentLauncher.Applicable
+
+Indicates whether a given plugin is applicable.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DetectedCondition** Boolean true if detect condition is true and perform action will be run.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings.
+- **IsSelfUpdateNeeded** True if self update needed by device.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentLauncher.Completed
+
+Indicates whether a given plugin has completed its work.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher.
+
+
+### Microsoft.Windows.SedimentLauncher.Started
+
+This event indicates that a given plug-in has started.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Applicable
+
+This event indicates whether a given plug-in is applicable.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DetectedCondition** Determine whether action needs to run based on device properties.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Completed
+
+This event indicates whether a given plug-in has completed its work.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **FailedReasons** List of reasons when the plugin action failed.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **SedimentServiceCheckTaskFunctional** True/False if scheduled task check succeeded.
+- **SedimentServiceCurrentBytes** Number of current private bytes of memory consumed by sedsvc.exe.
+- **SedimentServiceKillService** True/False if service is marked for kill (Shell.KillService).
+- **SedimentServiceMaximumBytes** Maximum bytes allowed for the service.
+- **SedimentServiceRetrievedKillService** True/False if result of One Settings check for kill succeeded - we only send back one of these indicators (not for each call).
+- **SedimentServiceStopping** True/False indicating whether the service is stopping.
+- **SedimentServiceTaskFunctional** True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
+- **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again.
+
+
+### Microsoft.Windows.SedimentService.Started
+
+This event indicates a specified plug-in has started. This information helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **CV** The Correlation Vector.
+- **GlobalEventCounter** The client-side counter that indicates ordering of events.
+- **PackageVersion** The version number of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivationError
+
+This event indicates whether the system detected an activation error in the app.
+
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivity
+
+This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
+
+The following fields are available:
+
+- **AppActionId** The ID of the application action.
+- **AppCurrentVisibilityState** The ID of the current application visibility state.
+- **AppId** The Xbox LIVE Title ID of the app.
+- **AppPackageFullName** The full name of the application package.
+- **AppPreviousVisibilityState** The ID of the previous application visibility state.
+- **AppSessionId** The application session ID.
+- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
+- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
+- **DurationMs** The amount of time (in milliseconds) since the last application state transition.
+- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license.
+- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
+- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
+- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application.
+- **UserId** The XUID (Xbox User ID) of the current user.
+
+
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -3465,8 +4208,272 @@ The following fields are available:
- **userRegionCode** The current user's region setting
+## Remediation events
+
+### Microsoft.Windows.Remediation.Applicable
+
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
+
+The following fields are available:
+
+- **ActionName** The name of the action to be taken by the plug-in.
+- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid.
+- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
+- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
+- **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
+- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
+- **CV** Correlation vector
+- **DateTimeDifference** The difference between local and reference clock times.
+- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled.
+- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
+- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
+- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run.
+- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
+- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
+- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
+- **GlobalEventCounter** Client side counter that indicates ordering of events.
+- **HResult** The HRESULT for detection or perform action phases of the plugin.
+- **IsAppraiserLatestResult** The HRESULT from the appraiser task.
+- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected.
+- **LastHresult** The HRESULT for detection or perform action phases of the plugin.
+- **LastRun** The date of the most recent SIH run.
+- **NextRun** Date of the next scheduled SIH run.
+- **PackageVersion** The version of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Reload** True if SIH reload is required.
+- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine.
+- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
+- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
+- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
+- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran.
+- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
+- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
+- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
+- **RemediationNoisyHammerMeteredNetwork** TRUE if the machine is on a metered network.
+- **RemediationNoisyHammerTaskEnabled** Indicates whether the Update Assistant Task (Noisy Hammer) is enabled.
+- **RemediationNoisyHammerTaskExists** Indicates whether the Update Assistant Task (Noisy Hammer) exists.
+- **RemediationNoisyHammerTaskTriggerEnabledCount** Indicates whether counting is enabled for the Update Assistant (Noisy Hammer) task trigger.
+- **RemediationNoisyHammerUAExitCode** The exit code of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUAExitState** The code for the exit state of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUserLoggedIn** TRUE if there is a user logged in.
+- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
+- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
+- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
+- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
+- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
+- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
+- **RemediationTaskHealthChkdskProactiveScan** True/False based on the health of the Check Disk task.
+- **RemediationTaskHealthDiskCleanup_SilentCleanup** True/False based on the health of the Disk Cleanup task.
+- **RemediationTaskHealthMaintenance_WinSAT** True/False based on the health of the Health Maintenance task.
+- **RemediationTaskHealthServicing_ComponentCleanupTask** True/False based on the health of the Health Servicing Component task.
+- **RemediationTaskHealthUSO_ScheduleScanTask** True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
+- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask** True/False based on the health of the Windows Update Scheduled Start task.
+- **RemediationTaskHealthWindowsUpdate_SihbootTask** True/False based on the health of the Sihboot task.
+- **RemediationUHServiceBitsServiceEnabled** Indicates whether BITS service is enabled.
+- **RemediationUHServiceDeviceInstallEnabled** Indicates whether Device Install service is enabled.
+- **RemediationUHServiceDoSvcServiceEnabled** Indicates whether DO service is enabled.
+- **RemediationUHServiceDsmsvcEnabled** Indicates whether DSMSVC service is enabled.
+- **RemediationUHServiceLicensemanagerEnabled** Indicates whether License Manager service is enabled.
+- **RemediationUHServiceMpssvcEnabled** Indicates whether MPSSVC service is enabled.
+- **RemediationUHServiceTokenBrokerEnabled** Indicates whether Token Broker service is enabled.
+- **RemediationUHServiceTrustedInstallerServiceEnabled** Indicates whether Trusted Installer service is enabled.
+- **RemediationUHServiceUsoServiceEnabled** Indicates whether USO (Update Session Orchestrator) service is enabled.
+- **RemediationUHServicew32timeServiceEnabled** Indicates whether W32 Time service is enabled.
+- **RemediationUHServiceWecsvcEnabled** Indicates whether WECSVC service is enabled.
+- **RemediationUHServiceWinmgmtEnabled** Indicates whether WMI service is enabled.
+- **RemediationUHServiceWpnServiceEnabled** Indicates whether WPN service is enabled.
+- **RemediationUHServiceWuauservServiceEnabled** Indicates whether WUAUSERV service is enabled.
+- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
+- **RunAppraiserFailed** Indicates RunAppraiser failed to run correctly.
+- **RunTask** TRUE if SIH task should be run by the plug-in.
+- **TimeServiceNTPServer** The URL for the NTP time server used by device.
+- **TimeServiceStartType** The startup type for the NTP time service.
+- **TimeServiceSyncDomainJoined** True if device domain joined and hence uses DC for clock.
+- **TimeServiceSyncType** Type of sync behavior for Date & Time service on device.
+
+
+### Microsoft.Windows.Remediation.Completed
+
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep the Windows Update stack healthy.
+
+The following fields are available:
+
+- **ActionName** Name of the action to be completed by the plug-in.
+- **AppraiserTaskCreationFailed** TRUE if the appraiser task creation failed to complete successfully.
+- **AppraiserTaskDeleteFailed** TRUE if deletion of appraiser task failed to complete successfully.
+- **AppraiserTaskExistFailed** TRUE if detection of the appraiser task failed to complete successfully.
+- **AppraiserTaskLoadXmlFailed** TRUE if the Appraiser XML Loader failed to complete successfully.
+- **AppraiserTaskMissing** TRUE if the Appraiser task is missing.
+- **AppraiserTaskTimeTriggerUpdateFailedId** TRUE if the Appraiser Task Time Trigger failed to update successfully.
+- **AppraiserTaskValidateTaskXmlFailed** TRUE if the Appraiser Task XML failed to complete successfully.
+- **branchReadinessLevel** Branch readiness level policy.
+- **cloudControlState** Value indicating whether the shell is enabled on the cloud control settings.
+- **CrossedDiskSpaceThreshold** Indicates if cleanup resulted in hard drive usage threshold required for feature update to be exceeded.
+- **CV** The Correlation Vector.
+- **DateTimeDifference** The difference between the local and reference clocks.
+- **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
+- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes.
+- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
+- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
+- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
+- **GlobalEventCounter** Client-side counter that indicates ordering of events.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes.
+- **hasRolledBack** Indicates whether the client machine has rolled back.
+- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
+- **hResult** The result of the event execution.
+- **HResult** The result of the event execution.
+- **installDate** The value of installDate registry key. Indicates the install date.
+- **isNetworkMetered** Indicates whether the client machine has uninstalled a later version of the OS.
+- **LatestState** The final state of the plug-in component.
+- **MicrosoftCompatibilityAppraiser** The name of the component targeted by the Appraiser plug-in.
+- **PackageVersion** The package version for the current Remediation.
+- **PageFileCount** The number of Windows Page files.
+- **PageFileCurrentSize** The size of the Windows Page file, measured in Megabytes.
+- **PageFileLocation** The storage location (directory path) of the Windows Page file.
+- **PageFilePeakSize** The maximum amount of hard disk space used by the Windows Page file, measured in Megabytes.
+- **PluginName** The name of the plug-in specified for each generic plug-in event.
+- **RanCleanup** TRUE if the plug-in ran disk cleanup.
+- **RemediationBatteryPowerBatteryLevel** Indicates the battery level at which it is acceptable to continue operation.
+- **RemediationBatteryPowerExitDueToLowBattery** True when we exit due to low battery power.
+- **RemediationBatteryPowerOnBattery** True if we allow execution on battery.
+- **RemediationConfigurationTroubleshooterExecuted** True/False based on whether the Remediation Configuration Troubleshooter executed successfully.
+- **RemediationConfigurationTroubleshooterIpconfigFix** TRUE if IPConfig Fix completed successfully.
+- **RemediationConfigurationTroubleshooterNetShFix** TRUE if network card cache reset ran successfully.
+- **RemediationDiskCleanSizeBtWindowsFolderInMegabytes** The size of the Windows BT folder (used to store Windows upgrade files), measured in Megabytes.
+- **RemediationDiskCleanupBTFolderEsdSizeInMB** The size of the Windows BT folder (used to store Windows upgrade files) ESD (Electronic Software Delivery), measured in Megabytes.
+- **RemediationDiskCleanupGetCurrentEsdSizeInMB** The size of any existing ESD (Electronic Software Delivery) folder, measured in Megabytes.
+- **RemediationDiskCleanupSearchFileSizeInMegabytes** The size of the Cleanup Search index file, measured in Megabytes.
+- **RemediationDiskCleanupUpdateAssistantSizeInMB** The size of the Update Assistant folder, measured in Megabytes.
+- **RemediationDoorstopChangeSucceeded** TRUE if Doorstop registry key was successfully modified.
+- **RemediationDoorstopExists** TRUE if there is a One Settings Doorstop value.
+- **RemediationDoorstopRegkeyError** TRUE if an error occurred accessing the Doorstop registry key.
+- **RemediationDRFKeyDeleteSucceeded** TRUE if the RecoveredFrom (Doorstop) registry key was successfully deleted.
+- **RemediationDUABuildNumber** The build number of the DUA.
+- **RemediationDUAKeyDeleteSucceeded** TRUE if the UninstallActive registry key was successfully deleted.
+- **RemediationDuplicateTokenSucceeded** TRUE if the user token was successfully duplicated.
+- **remediationExecution** Remediation shell is in "applying remediation" state.
+- **RemediationHibernationMigrated** TRUE if hibernation was migrated.
+- **RemediationHibernationMigrationSucceeded** TRUE if hibernation migration succeeded.
+- **RemediationImpersonateUserSucceeded** TRUE if the user was successfully impersonated.
+- **RemediationNoisyHammerTaskKickOffIsSuccess** TRUE if the NoisyHammer task started successfully.
+- **RemediationQueryTokenSucceeded** TRUE if the user token was successfully queried.
+- **RemediationRanHibernation** TRUE if the system entered Hibernation.
+- **RemediationRevertToSystemSucceeded** TRUE if reversion to the system context succeeded.
+- **RemediationShellHasUpgraded** TRUE if the device upgraded.
+- **RemediationShellMinimumTimeBetweenShellRuns** Indicates the time between shell runs exceeded the minimum required to execute plugins.
+- **RemediationShellRunFromService** TRUE if the shell driver was run from the service.
+- **RemediationShellSessionIdentifier** Unique identifier tracking a shell session.
+- **RemediationShellSessionTimeInSeconds** Indicates the time the shell session took in seconds.
+- **RemediationShellTaskDeleted** Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation.
+- **RemediationUpdateServiceHealthRemediationResult** The result of the Update Service Health plug-in.
+- **RemediationUpdateTaskHealthRemediationResult** The result of the Update Task Health plug-in.
+- **RemediationUpdateTaskHealthTaskList** A list of tasks fixed by the Update Task Health plug-in.
+- **RemediationWindowsLogSpaceFound** The size of the Windows log files found, measured in Megabytes.
+- **RemediationWindowsLogSpaceFreed** The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
+- **RemediationWindowsSecondaryDriveFreeSpace** The amount of free space on the secondary drive, measured in Megabytes.
+- **RemediationWindowsSecondaryDriveLetter** The letter designation of the first secondary drive with a total capacity of 10GB or more.
+- **RemediationWindowsSecondaryDriveTotalSpace** The total storage capacity of the secondary drive, measured in Megabytes.
+- **RemediationWindowsTotalSystemDiskSize** The total storage capacity of the System Disk Drive, measured in Megabytes.
+- **Result** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **ServiceHealthPlugin** The nae of the Service Health plug-in.
+- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully.
+- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs.
+- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
+- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes.
+- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Windows Store cache after cleanup, measured in Megabytes.
+- **TotalSizeofStoreCacheBeforeCleanupInMegabytes** The size of the Windows Store cache (prior to cleanup), measured in Megabytes.
+- **uninstallActive** TRUE if previous uninstall has occurred for current OS
+- **usoScanDaysSinceLastScan** The number of days since the last USO (Update Session Orchestrator) scan.
+- **usoScanInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsAllowAutoUpdateKeyPresent** TRUE if the AllowAutoUpdate registry key is set.
+- **usoScanIsAllowAutoUpdateProviderSetKeyPresent** TRUE if AllowAutoUpdateProviderSet registry key is set.
+- **usoScanIsAuOptionsPresent** TRUE if Auto Update Options registry key is set.
+- **usoScanIsFeatureUpdateInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
+- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
+- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
+- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
+- **usoScanType** The type of USO (Update Session Orchestrator) scan (Interactive or Background).
+- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
+- **windowsEditionId** Event to report the value of Windows Edition ID.
+- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes.
+- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes.
+- **WindowsOldFolderSizeInMegabytes** The size of the Windows.OLD folder, measured in Megabytes.
+- **WindowsOldSpaceCleanedInMB** The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
+- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, measured in Megabytes.
+- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the SoftwareDistribution folder, measured in Megabytes.
+- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, measured in Megabytes.
+- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, measured in Megabytes.
+- **WindowsSxsTempFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) Temp folder, measured in Megabytes.
+- **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key.
+
+
+### Microsoft.Windows.Remediation.Started
+
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
## Sediment events
+### Microsoft.Windows.Sediment.Info.DetailedState
+
+This event is sent when detailed state information is needed from an update trial run.
+
+The following fields are available:
+
+- **Data** Data relevant to the state, such as what percent of disk space the directory takes up.
+- **Id** Identifies the trial being run, such as a disk related trial.
+- **ReleaseVer** The version of the component.
+- **State** The state of the reporting data from the trial, such as the top-level directory analysis.
+- **Time** The time the event was fired.
+
+
+### Microsoft.Windows.Sediment.Info.Error
+
+This event indicates an error in the updater payload. This information assists in keeping Windows up to date.
+
+
+
+### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings
+
+This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date.
+
+The following fields are available:
+
+- **CustomVer** The registry value for targeting.
+- **IsMetered** TRUE if the machine is on a metered network.
+- **LastVer** The version of the last successful run.
+- **ServiceVersionMajor** The Major version information of the component.
+- **ServiceVersionMinor** The Minor version information of the component.
+- **Time** The system time at which the event occurred.
+
+
+### Microsoft.Windows.Sediment.OSRSS.Error
+
+This event indicates an error occurred in the Operating System Remediation System Service (OSRSS). The information provided helps ensure future upgrade/update attempts are more successful.
+
+The following fields are available:
+
+- **FailureType** The type of error encountered.
+- **FileName** The code file in which the error occurred.
+- **HResult** The failure error code.
+- **LineNumber** The line number in the code file at which the error occurred.
+- **ServiceVersionMajor** The Major version information of the component.
+- **ServiceVersionMinor** The Minor version information of the component.
+- **Time** The system time at which the event occurred.
+
+
### Microsoft.Windows.Sediment.OSRSS.UrlState
This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL.
@@ -3481,8 +4488,116 @@ The following fields are available:
- **Time** System timestamp when the event was started.
+## Sediment Service events
+
+### Microsoft.Windows.SedimentService.Applicable
+
+This event sends simple device connectivity and configuration data about a service installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Completed
+
+This event sends simple device connectivity and configuration data about a service installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Started
+
+This event sends simple device connectivity and configuration data about a service installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+## Sediment Launcher events
+
+### Microsoft.Windows.SedimentLauncher.Applicable
+
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentLauncher.Completed
+
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentLauncher.Started
+
+This event sends simple device connectivity and configuration data about an application installed on the system that helps keep Windows up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events within Remediation application.
+- **PackageVersion** Current package version of Remediation application.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
## Setup events
+### SetupPlatformTel.SetupPlatformTelActivityEvent
+
+This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStarted
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+The following fields are available:
+
+- **Name** The name of the dynamic update type. Example: GDR driver
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStopped
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+
+
### SetupPlatformTel.SetupPlatformTelEvent
This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios.
@@ -3961,14 +5076,31 @@ The following fields are available:
- **SignatureAlgorithm** Hash algorithm for the metadata signature
- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
- **StatusCode** Result code of the event (success, cancellation, failure code HResult)
-- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token.
+- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token.
- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed.
- **UpdateId** Identifier associated with the specific piece of content
-- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
+- **ValidityWindowInDays** Validity window in effect when verifying the timestamp
## Update events
+### Update360Telemetry.Revert
+
+This event sends data relating to the Revert phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the Revert phase.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RebootRequired** Indicates reboot is required.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
### Update360Telemetry.UpdateAgentCommit
This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
@@ -4104,6 +5236,52 @@ The following fields are available:
- **UpdateId** Unique ID for each update.
+### Update360Telemetry.UpdateAgentMitigationResult
+
+This event sends data indicating the result of each update agent mitigation.
+
+The following fields are available:
+
+- **Applicable** Indicates whether the mitigation is applicable for the current update.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightId** Unique identifier for each flight.
+- **Index** The mitigation index of this particular mitigation.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly name of the mitigation.
+- **ObjectId** Unique value for each Update Agent mode.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentMitigationSummary
+
+This event sends a summary of all the update agent mitigations available for an this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **Failed** The count of mitigations that failed.
+- **FlightId** Unique identifier for each flight.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments).
+- **Total** Total number of mitigations that were available.
+- **UpdateId** Unique ID for each update.
+
+
### Update360Telemetry.UpdateAgentModeStart
This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile.
@@ -4120,6 +5298,24 @@ The following fields are available:
- **Version** Version of update
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **Count** The count of applicable OneSettings for the device.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **Values** The values sent back to the device, if applicable.
+
+
### Update360Telemetry.UpdateAgentPostRebootResult
This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario.
@@ -4136,6 +5332,12 @@ The following fields are available:
- **UpdateId** Unique ID for each update.
+### Update360Telemetry.UpdateAgentReboot
+
+This event sends information indicating that a request has been sent to suspend an update.
+
+
+
### Update360Telemetry.UpdateAgentSetupBoxLaunch
The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs.
@@ -4185,7 +5387,7 @@ The following fields are available:
- **key19** UI interaction data
- **key2** Interaction data for the UI
- **key20** UI interaction data
-- **key21** Interaction data for the UI
+- **key21** UI interaction data
- **key22** UI interaction data
- **key23** UI interaction data
- **key24** UI interaction data
@@ -4197,10 +5399,10 @@ The following fields are available:
- **key3** Interaction data for the UI
- **key30** UI interaction data
- **key4** Interaction data for the UI
-- **key5** UI interaction data
-- **key6** UI interaction data
-- **key7** Interaction data for the UI
-- **key8** Interaction data for the UI
+- **key5** UI interaction type
+- **key6** Current package version of UNP
+- **key7** UI interaction type
+- **key8** UI interaction data
- **key9** UI interaction data
- **PackageVersion** Current package version of the update notification.
- **schema** UI interaction type.
@@ -4314,6 +5516,7 @@ The following fields are available:
- **DownloadRequestAttributes** The attributes we send to DCAT.
- **ResultCode** The result returned from the initialization of Facilitator with the URL/attributes.
- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **Url** The Delivery Catalog (DCAT) URL we send the request to.
- **Version** Version of Facilitator.
@@ -4376,9 +5579,9 @@ The following fields are available:
- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
-- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
- **TestId** ID that uniquely identifies a group of events.
- **WuId** Windows Update client ID.
@@ -4524,6 +5727,67 @@ The following fields are available:
- **TargetBuild** Build of the target OS.
+### Setup360Telemetry.Setup360MitigationResult
+
+This event sends data indicating the result of each setup mitigation.
+
+The following fields are available:
+
+- **Applicable** TRUE if the mitigation is applicable for the current update.
+- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightData** The unique identifier for each flight (test release).
+- **Index** The mitigation index of this particular mitigation.
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly (descriptive) name of the mitigation.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+
+
+### Setup360Telemetry.Setup360MitigationSummary
+
+This event sends a summary of all the setup mitigations available for this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Failed** The count of mitigations that failed.
+- **FlightData** The unique identifier for each flight (test release).
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **Total** The total number of mitigations that were available.
+
+
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Count** The count of applicable OneSettings for the device.
+- **FlightData** The ID for the flight (test instance version).
+- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **ReportId** The Update ID passed to Setup.
+- **Result** The HResult of the event error.
+- **ScenarioId** The update scenario ID.
+- **Values** Values sent back to the device, if applicable.
+
+
### Setup360Telemetry.UnexpectedEvent
This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
@@ -4538,7 +5802,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@@ -4570,6 +5834,26 @@ The following fields are available:
- **versionString** Version of the WaaSMedic engine.
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
+
+
## Windows Error Reporting MTT events
### Microsoft.Windows.WER.MTT.Denominator
@@ -4982,7 +6266,7 @@ The following fields are available:
- **current** Result of currency check.
- **dismOperationSucceeded** Dism uninstall operation status.
-- **hResult** Failure error code.
+- **hResult** Failure Error code.
- **oSVersion** Build number of the device.
- **paused** Indicates whether the device is paused.
- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
@@ -5023,7 +6307,7 @@ The following fields are available:
- **current** Result of currency check.
- **dismOperationSucceeded** Dism uninstall operation status.
-- **hResult** Failure error code.
+- **hResult** Failure Error code.
- **oSVersion** Build number of the device.
- **paused** Indicates whether the device is paused.
- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
@@ -5058,45 +6342,128 @@ This event sends basic telemetry on the success of the rollback of the Quality/L
## Windows Update Delivery Optimization events
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
-This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads.
+This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads.
The following fields are available:
-- **background** Indicates whether the download is happening in the background.
-- **bytesRequested** Number of bytes requested for the download.
+- **background** Is the download being done in the background?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
- **callerName** Name of the API caller.
-- **cdnUrl** The URL of the source CDN
-- **costFlags** A set of flags representing network cost.
-- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM).
-- **diceRoll** Random number used for determining if a client will use peering.
-- **doClientVersion** The version of the Delivery Optimization client.
-- **doErrorCode** The Delivery Optimization error code that was returned.
-- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
-- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
- **errorCode** The error code that was returned.
-- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing.
+- **experimentId** When running a test, this is used to correlate events that are part of the same test.
- **fileID** The ID of the file being downloaded.
-- **filePath** The path to where the downloaded file will be written.
-- **fileSize** Total file size of the file that was downloaded.
-- **fileSizeCaller** Value for total file size provided by our caller.
-- **groupID** ID for the group.
-- **isEncrypted** Indicates whether the download is encrypted.
-- **isVpn** Indicates whether the device is connected to a Virtual Private Network.
-- **jobID** The ID of the Windows Update job.
-- **minDiskSizeGB** The minimum disk size (in GB) policy set for the device to allow peering with delivery optimization.
-- **minDiskSizePolicyEnforced** Indicates whether there is an enforced minimum disk size requirement for peering.
-- **minFileSizePolicy** The minimum content file size policy to allow the download using peering with delivery optimization.
-- **peerID** The ID for this delivery optimization client.
-- **predefinedCallerName** Name of the API caller.
+- **gCurMemoryStreamBytes** Current usage for memory streaming.
+- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
+- **isVpn** Indicates whether the device is connected to a VPN (Virtual Private Network).
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller.
+- **reasonCode** Reason the action or event occurred.
- **scenarioID** The ID of the scenario.
-- **sessionID** The ID for the file download session.
-- **setConfigs** A JSON representation of the configurations that have been set, and their sources.
+- **sessionID** The ID of the file download session.
- **updateID** The ID of the update being downloaded.
-- **usedMemoryStream** Indicates whether the download used memory streaming.
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
+
+This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **bytesRequested** The total number of bytes requested for download.
+- **cacheServerConnectionCount** Number of connections made to cache hosts.
+- **callerName** Name of the API caller.
+- **cdnConnectionCount** The total number of connections made to the CDN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP address of the source CDN.
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **doErrorCode** The Delivery Optimization error code that was returned.
+- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
+- **downlinkUsageBps** The download speed (in bytes per second).
+- **downloadMode** The download mode used for this file download session.
+- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **fileSize** The size of the file being downloaded.
+- **gCurMemoryStreamBytes** Current usage for memory streaming.
+- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
+- **groupConnectionCount** The total number of connections made to peers in the same group.
+- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
+- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **lanConnectionCount** The total number of connections made to peers in the same LAN.
+- **numPeers** The total number of peers used for this download.
+- **predefinedCallerName** The name of the API Caller.
+- **restrictedUpload** Is the upload restricted?
+- **scenarioID** The ID of the scenario.
+- **sessionID** The ID of the download session.
+- **totalTimeMs** Duration of the download (in seconds).
+- **updateID** The ID of the update being downloaded.
+- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
+- **uplinkUsageBps** The upload speed (in bytes per second).
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
+
+This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **callerName** The name of the API caller.
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being paused.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller object.
+- **reasonCode** The reason for pausing the download.
+- **scenarioID** The ID of the scenario.
+- **sessionID** The ID of the download session.
+- **updateID** The ID of the update being paused.
+
+### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
+
+This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **cdnHeaders** The HTTP headers returned by the CDN.
+- **cdnIp** The IP address of the CDN.
+- **cdnUrl** The URL of the CDN.
+- **clientTelId** A random number used for device sampling.
+- **errorCode** The error code that was returned.
+- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **httpStatusCode** The HTTP status code returned by the CDN.
+- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET
+- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
+- **requestOffset** The byte offset within the file in the sent request.
+- **requestSize** The size of the range requested from the CDN.
+- **responseSize** The size of the range response received from the CDN.
+- **sessionID** The ID of the download session.
+
## Windows Update events
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
@@ -5443,7 +6810,7 @@ The following fields are available:
- **displayNeededReason** List of reasons for needing display.
- **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
+- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery)..
- **gameModeReason** Name of the executable that caused the game mode state check to start.
- **ignoredReason** List of reasons that were intentionally ignored.
- **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery).
@@ -5462,9 +6829,9 @@ The following fields are available:
- **deferReason** Reason why the device could not check for updates.
- **detectionBlockingPolicy** State of update action.
-- **detectionBlockreason** Reason for blocking detection
+- **detectionBlockreason** If we retry to scan
- **detectionRetryMode** Indicates whether we will try to scan again.
-- **errorCode** Error info
+- **errorCode** State of update action
- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
- **flightID** The specific ID of the Windows Insider build the device is getting.
- **interactive** Indicates whether the session was user initiated.
@@ -5472,7 +6839,7 @@ The following fields are available:
- **revisionNumber** Update revision number.
- **scanTriggerSource** Source of the triggered scan.
- **updateId** Update ID.
-- **updateScenarioType** Source of the triggered scan
+- **updateScenarioType** Update Session type
- **wuDeviceid** Device ID
@@ -5557,7 +6924,7 @@ This event is sent during update scan, download, or install, and indicates that
The following fields are available:
-- **configVersion** Escalation config version on device .
+- **configVersion** Escalation config version on device.
- **downloadElapsedTime** Indicates how long since the download is required on device.
- **downloadRiskLevel** At-risk level of download phase.
- **installElapsedTime** Indicates how long since the install is required on device.
@@ -5585,7 +6952,7 @@ This event indicates that the update is no longer applicable to this device.
The following fields are available:
-- **EventPublishedTime** Time when this event was generated
+- **EventPublishedTime** Time when this event was generated.
- **flightID** The specific ID of the Windows Insider build.
- **revisionNumber** Update revision number.
- **updateId** Unique Windows Update ID.
@@ -5633,7 +7000,7 @@ The following fields are available:
- **deferReason** Reason for install not completing.
- **errorCode** The error code reppresented by a hexadecimal value.
- **eventScenario** End-to-end update session ID.
-- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **flightID** Unique update ID
- **flightUpdate** Indicates whether the update is a Windows Insider build.
- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates.
- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress.
@@ -5648,6 +7015,31 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.LowUptimes
+
+This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure.
+
+The following fields are available:
+
+- **isLowUptimeMachine** Is the machine considered low uptime or not.
+- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime.
+- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime.
+- **uptimeMinutes** Number of minutes of uptime measured.
+- **wuDeviceid** Unique device ID for Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
+
+This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date.
+
+The following fields are available:
+
+- **externalOneshotupdate** The last time a task-triggered scan was completed.
+- **interactiveOneshotupdate** The last time an interactive scan was completed.
+- **oldlastscanOneshotupdate** The last time a scan completed successfully.
+- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID).
+
+
### Microsoft.Windows.Update.Orchestrator.PostInstall
This event is sent after a Windows update install completes.
@@ -5723,6 +7115,18 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.RefreshSettings
+
+This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** Hex code for the error message, to allow lookup of the specific error.
+- **settingsDownloadTime** Timestamp of the last attempt to acquire settings.
+- **settingsETag** Version identifier for the settings.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date.
@@ -5819,6 +7223,76 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
+
+This event sends information about an update that encountered problems and was not able to complete.
+
+The following fields are available:
+
+- **errorCode** The error code encountered.
+- **wuDeviceid** The ID of the device in which the error occurred.
+
+
+### Microsoft.Windows.Update.Orchestrator.USODiagnostics
+
+This event sends data on whether the state of the update attempt, to help keep Windows up to date.
+
+The following fields are available:
+
+- **LastApplicableUpdateFoundTime** The time when the last applicable update was found.
+- **LastDownloadDeferredReason** The last reason download was deferred.
+- **LastDownloadDeferredTime** The time of the download deferral.
+- **LastDownloadFailureError** The last download failure.
+- **LastDownloadFailureTime** The time of the last download failure.
+- **LastInstallCompletedTime** The time when the last successful install completed.
+- **LastInstallDeferredReason** The reason the last install was deferred.
+- **LastInstallDeferredTime** The time when the last install was deferred.
+- **LastInstallFailureError** The error code associated with the last install failure.
+- **LastInstallFailureTime** The time when the last install failed to complete.
+- **LastRebootDeferredReason** The reason the last reboot was deferred.
+- **LastRebootDeferredTime** The time when the last reboot was deferred.
+- **LastRebootPendingTime** The time when the last reboot state was set to “Pending”.
+- **LastScanDeferredReason** The reason the last scan was deferred.
+- **LastScanDeferredTime** The time when the last scan was deferred.
+- **LastScanFailureError** The error code for the last scan failure.
+- **LastScanFailureTime** The time when the last scan failed.
+- **LastUpdateCheckTime** The time of the last update check.
+- **LastUpdateDownloadTime** The time when the last update was downloaded.
+- **LastUpgradeInstallFailureError** The error code for the last upgrade install failure.
+- **LastUpgradeInstallFailureTime** The time of the last upgrade install failure.
+- **LowUpTimeDetectTime** The last time “low up-time” was detected.
+- **NoLowUpTimeDetectTime** The last time no “low up-time” was detected.
+- **RebootRequired** Indicates reboot is required.
+- **UpgradeInProgressTime** The amount of time a feature update has been in progress.
+- **WaaSFeatureAssessmentDays** The number of days Feature Update Assessment has been out of date.
+- **WaaSFeatureAssessmentImpact** The impact of the Feature Update Assessment.
+- **WaaSUpToDateAssessmentDays** The number of days Quality Update Assessment has been out of date.
+- **WaaSUpToDateAssessmentImpact** The impact of Quality Update Assessment.
+- **wuDeviceid** Unique ID for Device
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
+
+This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
+- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed.
+- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs.
+- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode.
+- **ETag** The Entity Tag that represents the OneSettings version.
+- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device.
+- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device.
+- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending.
+- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode.
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+
+
### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
This event is sent when a security update has successfully completed.
@@ -5872,6 +7346,25 @@ The following fields are available:
- **TaskName** Name of the task
+### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
+
+This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up to date.
+
+The following fields are available:
+
+- **activeHoursApplicable** Is the restart respecting Active Hours?
+- **IsEnhancedEngagedReboot** TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE.
+- **rebootArgument** The arguments that are passed to the OS for the restarted.
+- **rebootOutsideOfActiveHours** Was the restart scheduled outside of Active Hours?
+- **rebootScheduledByUser** Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
+- **rebootState** The state of the restart.
+- **revisionNumber** The revision number of the OS being updated.
+- **scheduledRebootTime** Time of the scheduled reboot
+- **scheduledRebootTimeInUTC** Time of the scheduled restart, in Coordinated Universal Time.
+- **updateId** The Windows Update device GUID.
+- **wuDeviceid** The Windows Update device GUID.
+
+
## Windows Update mitigation events
### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
@@ -5880,21 +7373,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS
The following fields are available:
-- **ClientId** Unique identifier for each flight.
-- **FlightId** Unique GUID that identifies each instances of setuphost.exe.
-- **InstanceId** The update scenario in which the mitigation was executed.
-- **MitigationScenario** Number of mounted images.
-- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT.
-- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed.
-- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed.
-- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT.
-- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan.
-- **RelatedCV** HResult of this operation.
-- **Result** ID indicating the mitigation scenario.
-- **ScenarioId** Indicates whether the scenario was supported.
-- **ScenarioSupported** Unique value for each update attempt.
-- **SessionId** Unique ID for each Update.
-- **UpdateId** Unique ID for the Windows Update client.
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightId** Unique identifier for each flight.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **MountedImageCount** Number of mounted images.
+- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT.
+- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed.
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed.
+- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each Update.
- **WuId** Unique ID for the Windows Update client.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index 0755ce1e09..b83547ea2a 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
-ms.date: 10/03/2018
+ms.date: 11/07/2018
---
@@ -20,7 +20,7 @@ ms.date: 10/03/2018
- Windows 10, version 1809
-The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
+The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Windows Store. When the level is set to Basic, it also includes the Security level information.
The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
@@ -281,7 +281,7 @@ The following fields are available:
- **DatasourceApplicationFile_TH1** The count of the number of this particular object type present on this device.
- **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device.
-- **DatasourceDevicePnp_RS2** The count of DatasourceApplicationFile objects present on this machine targeting the next release of Windows
+- **DatasourceDevicePnp_RS2** The total DatasourceDevicePnp objects targeting Windows 10 version 1703 present on this device.
- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device.
- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_RS4Setup** The count of the number of this particular object type present on this device.
@@ -295,7 +295,7 @@ The following fields are available:
- **DatasourceDriverPackage_TH1** The count of the number of this particular object type present on this device.
- **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device.
-- **DataSourceMatchingInfoBlock_RS2** The count of DatasourceDevicePnp objects present on this machine targeting the next release of Windows
+- **DataSourceMatchingInfoBlock_RS2** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device.
- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device.
- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
@@ -309,7 +309,7 @@ The following fields are available:
- **DataSourceMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS2** The count of DatasourceDriverPackage objects present on this machine targeting the next release of Windows
+- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
@@ -330,7 +330,7 @@ The following fields are available:
- **DecisionApplicationFile_TH1** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device.
-- **DecisionDevicePnp_RS2** The count of DataSourceMatchingInfoBlock objects present on this machine targeting the next release of Windows
+- **DecisionDevicePnp_RS2** The total DecisionDevicePnp objects targeting Windows 10 version 1703 present on this device.
- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device.
- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_RS4Setup** The count of the number of this particular object type present on this device.
@@ -344,7 +344,7 @@ The following fields are available:
- **DecisionDriverPackage_TH1** The count of the number of this particular object type present on this device.
- **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device.
-- **DecisionMatchingInfoBlock_RS2** The count of DataSourceMatchingInfoPassive objects present on this machine targeting the next release of Windows
+- **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device.
- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
- **DecisionMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
@@ -358,14 +358,14 @@ The following fields are available:
- **DecisionMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
-- **DecisionMatchingInfoPostUpgrade_RS2** The count of DataSourceMatchingInfoPostUpgrade objects present on this machine targeting the next release of Windows
+- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 present on this device.
- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device.
- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device.
-- **DecisionMediaCenter_RS2** The count of DatasourceSystemBios objects present on this machine targeting the next release of Windows
+- **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device.
- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device.
- **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device.
- **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device.
@@ -395,7 +395,7 @@ The following fields are available:
- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
- **SystemWlan** The count of the number of this particular object type present on this device.
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
-- **Wmdrm_RS2** The count of InventoryLanguagePack objects present on this machine.
+- **Wmdrm_RS2** The total Wmdrm objects targeting Windows 10 version 1703 present on this device.
- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device.
- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
- **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device.
@@ -666,7 +666,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates that the DecisionApplicationFile object is no longer present.
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -1013,7 +1013,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -1818,14 +1818,18 @@ The following fields are available:
- **AdvertisingId** Current state of the advertising ID setting.
- **AppDiagnostics** Current state of the app diagnostics setting.
- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
- **Bluetooth** Current state of the Bluetooth capability setting.
- **BluetoothSync** Current state of the Bluetooth sync capability setting.
- **BroadFileSystemAccess** Current state of the broad file system access setting.
- **CellularData** Current state of the cellular data capability setting.
- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the Contacts setting.
- **DocumentsLibrary** Current state of the documents library setting.
- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
- **FindMyDevice** Current state of the "find my device" setting.
- **GazeInput** Current state of the gaze input setting.
- **HumanInterfaceDevice** Current state of the human interface device setting.
@@ -1837,6 +1841,7 @@ The following fields are available:
- **Microphone** Current state of the microphone setting.
- **PhoneCall** Current state of the phone call setting.
- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
- **PicturesLibrary** Current state of the pictures library setting.
- **Radios** Current state of the radios setting.
- **SensorsCustom** Current state of the custom sensor setting.
@@ -1846,6 +1851,7 @@ The following fields are available:
- **USB** Current state of the USB setting.
- **UserAccountInformation** Current state of the account information setting.
- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
- **UserNotificationListener** Current state of the notifications setting.
- **VideosLibrary** Current state of the videos library setting.
- **Webcam** Current state of the camera setting.
@@ -1979,14 +1985,18 @@ The following fields are available:
- **AdvertisingId** Current state of the advertising ID setting.
- **AppDiagnostics** Current state of the app diagnostics setting.
- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
- **Bluetooth** Current state of the Bluetooth capability setting.
- **BluetoothSync** Current state of the Bluetooth sync capability setting.
- **BroadFileSystemAccess** Current state of the broad file system access setting.
- **CellularData** Current state of the cellular data capability setting.
- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the contacts setting.
- **DocumentsLibrary** Current state of the documents library setting.
- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
- **GazeInput** Current state of the gaze input setting.
- **HumanInterfaceDevice** Current state of the human interface device setting.
- **InkTypeImprovement** Current state of the improve inking and typing setting.
@@ -1998,6 +2008,7 @@ The following fields are available:
- **Microphone** Current state of the microphone setting.
- **PhoneCall** Current state of the phone call setting.
- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
- **PicturesLibrary** Current state of the pictures library setting.
- **Radios** Current state of the radios setting.
- **SensorsCustom** Current state of the custom sensor setting.
@@ -2007,6 +2018,7 @@ The following fields are available:
- **USB** Current state of the USB setting.
- **UserAccountInformation** Current state of the account information setting.
- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
- **UserNotificationListener** Current state of the notifications setting.
- **VideosLibrary** Current state of the videos library setting.
- **Webcam** Current state of the camera setting.
@@ -2256,6 +2268,59 @@ The following fields are available:
## Component-based servicing events
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **currentID** The ID of the current install session.
+- **highestState** The highest final install state of the optional content.
+- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **retryID** The session ID that will be used to retry a failed operation.
+- **retryStatus** Indicates whether the install will be retried in the event of failure.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
### CbsServicingProvider.CbsLateAcquisition
This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date.
@@ -2266,6 +2331,28 @@ The following fields are available:
- **RetryID** The ID identifying the retry attempt to update the listed packages.
+### CbsServicingProvider.CbsPackageRemoval
+
+This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build number of the security update being uninstalled.
+- **clientId** The name of the application requesting the uninstall.
+- **currentStateEnd** The final state of the update after the operation.
+- **failureDetails** Information about the cause of a failure, if applicable.
+- **failureSourceEnd** The stage during the uninstall where the failure occurred.
+- **hrStatusEnd** The overall exit code of the operation.
+- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image.
+- **majorVersion** The major version number of the security update being uninstalled.
+- **minorVersion** The minor version number of the security update being uninstalled.
+- **originalState** The starting state of the update before the operation.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+- **primitiveExecutionContext** The state during system startup when the uninstall was completed.
+- **revisionVersion** The revision number of the security update being uninstalled.
+- **transactionCanceled** Indicates whether the uninstall was cancelled.
+
+
## Deployment extensions
### DeploymentTelemetry.Deployment_End
@@ -3009,6 +3096,87 @@ The following fields are available:
- **CV** Correlation vector.
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **BrightnessVersionViaDDI** The version of the Display Brightness Interface.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
+- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
+- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
+- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **InterfaceId** The GPU interface ID.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store.
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
+
+
## Inventory events
### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
@@ -3104,8 +3272,8 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
-- **InventoryVersion** The version of the inventory component
-- **ProgramIds** The unique program identifier the driver is associated with
+- **InventoryVersion** The version of the inventory component.
+- **ProgramIds** The unique program identifier the driver is associated with.
### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
@@ -3308,9 +3476,10 @@ The following fields are available:
- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
- **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage.
- **Enumerator** The date of the driver loaded for the device.
+- **ExtendedInfs** The extended INF file names.
- **HWID** The version of the driver loaded for the device.
- **Inf** The bus that enumerated the device.
-- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx
+- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
- **InventoryVersion** List of hardware ids for the device.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device
- **LowerFilters** Lower filter drivers IDs installed for the device
@@ -3463,6 +3632,18 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
+### Microsoft.Windows.Inventory.Core.StartUtcJsonTrace
+
+This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin.
+
+
+
+### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace
+
+This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end.
+
+
+
### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
This event sends details collected for a specific application on the source device.
@@ -3510,27 +3691,27 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
-- **AddinCLSID** The CLSID for the Office add-in.
-- **AddInId** Office add-in ID.
-- **AddinType** Office add-in Type.
-- **BinFileTimestamp** Timestamp of the Office add-in.
-- **BinFileVersion** Version of the Office add-in.
-- **Description** Office add-in description.
-- **FileId** FileId of the Office add-in.
-- **FileSize** File size of the Office add-in.
-- **FriendlyName** Friendly name for office add-in.
-- **FullPath** Unexpanded path to the office add-in.
+- **AddinCLSID** The CLSID for the Office addin
+- **AddInId** Office addin ID
+- **AddinType** The type of the Office addin.
+- **BinFileTimestamp** Timestamp of the Office addin
+- **BinFileVersion** Version of the Office addin
+- **Description** Office addin description
+- **FileId** FileId of the Office addin
+- **FileSize** File size of the Office addin
+- **FriendlyName** Friendly name for office addin
+- **FullPath** Unexpanded path to the office addin
- **InventoryVersion** The version of the inventory binary generating the events.
-- **LoadBehavior** Uint32 that describes the load behavior.
-- **OfficeApplication** The office application for this add-in.
-- **OfficeArchitecture** Architecture of the add-in.
-- **OfficeVersion** The office version for this add-in.
-- **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this add-in.
-- **ProductCompany** The name of the company associated with the Office add-in.
-- **ProductName** The product name associated with the Office add-in.
-- **ProductVersion** The version associated with the Office add-in.
-- **ProgramId** The unique program identifier of the Office add-in.
-- **Provider** Name of the provider for this add-in.
+- **LoadBehavior** Uint32 that describes the load behavior
+- **OfficeApplication** The office application for this addin
+- **OfficeArchitecture** Architecture of the addin
+- **OfficeVersion** The office version for this addin
+- **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this addin
+- **ProductCompany** The name of the company associated with the Office addin
+- **ProductName** The product name associated with the Office addin
+- **ProductVersion** The version associated with the Office addin
+- **ProgramId** The unique program identifier of the Office addin
+- **Provider** Name of the provider for this addin
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
@@ -3908,6 +4089,153 @@ The following fields are available:
- **UserInputTime** The amount of time the loader application spent waiting for user input.
+## OneDrive events
+
+### Microsoft.OneDrive.Sync.Updater.ComponentInstallState
+
+This event includes basic data about the installation state of dependent OneDrive components.
+
+The following fields are available:
+
+- **ComponentName** The name of the dependent component.
+- **isInstalled** Is the dependent component installed?
+
+
+### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus
+
+This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken
+
+The following fields are available:
+
+- **32bit** The status of the OneDrive overlay icon on a 32-bit operating system.
+- **64bit** The status of the OneDrive overlay icon on a 64-bit operating system.
+
+
+### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult
+
+This event sends information describing the result of the update.
+
+The following fields are available:
+
+- **hr** The HResult of the operation.
+- **IsLoggingEnabled** Indicates whether logging is enabled for the updater.
+- **UpdaterVersion** The version of the updater.
+
+
+### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult
+
+This event determines the status when downloading the OneDrive update configuration file.
+
+The following fields are available:
+
+- **hr** The HResult of the operation.
+
+
+### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus
+
+This event determines the error code that was returned when verifying Internet connectivity.
+
+The following fields are available:
+
+- **winInetError** The HResult of the operation.
+
+
+## Other events
+
+### Microsoft.Windows.Kits.WSK.WskImageCreate
+
+This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate “image” creation failures.
+
+The following fields are available:
+
+- **Phase** The image creation phase. Values are “Start” or “End”.
+- **WskVersion** The version of the Windows System Kit being used.
+
+
+### Microsoft.Windows.Kits.WSK.WskImageCustomization
+
+This event sends simple Product and Service usage data when a user is using the Windows System Kit to create/modify configuration files allowing the customization of a new OS image with Apps or Drivers. The data includes the version of the Windows System Kit, the state of the event, the customization type (drivers or apps) and the mode (new or updating) and is used to help investigate configuration file creation failures.
+
+The following fields are available:
+
+- **Mode** The mode of update to image configuration files. Values are “New” or “Update”.
+- **Phase** The image creation phase. Values are “Start” or “End”.
+- **Type** The type of update to image configuration files. Values are “Apps” or “Drivers”.
+- **WskVersion** The version of the Windows System Kit being used.
+
+
+### Microsoft.Windows.Kits.WSK.WskWorkspaceCreate
+
+This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new workspace for generating OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate workspace creation failures.
+
+The following fields are available:
+
+- **Architecture** The OS architecture that the workspace will target. Values are one of: “AMD64”, “ARM64”, “x86”, or “ARM”.
+- **OsEdition** The Operating System Edition that the workspace will target.
+- **Phase** The image creation phase. Values are “Start” or “End”.
+- **WskVersion** The version of the Windows System Kit being used.
+
+
+### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General
+
+This event provides information about application properties to indicate the successful execution.
+
+The following fields are available:
+
+- **AppMode** Indicates the mode the app is being currently run around privileges.
+- **ExitCode** Indicates the exit code of the app.
+- **Help** Indicates if the app needs to be launched in the help mode.
+- **ParseError** Indicates if there was a parse error during the execution.
+- **RightsAcquired** Indicates if the right privileges were acquired for successful execution.
+- **RightsWereEnabled** Indicates if the right privileges were enabled for successful execution.
+- **TestMode** Indicates whether the app is being run in test mode.
+
+
+### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount
+
+This event provides information about the properties of user accounts in the Administrator group.
+
+The following fields are available:
+
+- **Internal** Indicates the internal property associated with the count group.
+- **LastError** The error code (if applicable) for the cause of the failure to get the count of the user account.
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivationError
+
+This event indicates whether the system detected an activation error in the app.
+
+The following fields are available:
+
+- **ActivationUri** Activation URI (Uniform Resource Identifier) used in the attempt to activate the app.
+- **AppId** The Xbox LIVE Title ID.
+- **AppUserModelId** The AUMID (Application User Model ID) of the app to activate.
+- **Result** The HResult error.
+- **UserId** The Xbox LIVE User ID (XUID).
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivity
+
+This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
+
+The following fields are available:
+
+- **AppActionId** The ID of the application action.
+- **AppCurrentVisibilityState** The ID of the current application visibility state.
+- **AppId** The Xbox LIVE Title ID of the app.
+- **AppPackageFullName** The full name of the application package.
+- **AppPreviousVisibilityState** The ID of the previous application visibility state.
+- **AppSessionId** The application session ID.
+- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
+- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
+- **DurationMs** The amount of time (in milliseconds) since the last application state transition.
+- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license.
+- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
+- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
+- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application.
+- **UserId** The XUID (Xbox User ID) of the current user.
+
+
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -3936,6 +4264,43 @@ The following fields are available:
- **userRegionCode** The current user's region setting
+## Setup events
+
+### SetupPlatformTel.SetupPlatformTelActivityEvent
+
+This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStarted
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+The following fields are available:
+
+- **Name** The name of the dynamic update type. Example: GDR driver
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStopped
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+
+
+### SetupPlatformTel.SetupPlatfOrmTelEvent
+
+This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios.
+
+The following fields are available:
+
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+
+
## Software update events
### SoftwareUpdateClientTelemetry.CheckForUpdates
@@ -4010,7 +4375,7 @@ The following fields are available:
- **ScanDurationInSeconds** The number of seconds a scan took
- **ScanEnqueueTime** The number of seconds it took to initialize a scan
- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
-- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Windows Store, etc.).
- **ServiceUrl** The environment URL a device is configured to scan with
- **ShippingMobileOperator** The mobile operator that a device shipped on.
- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
@@ -4092,7 +4457,7 @@ The following fields are available:
- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.).
- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway.
- **ShippingMobileOperator** The mobile operator that a device shipped on.
- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
@@ -4169,7 +4534,7 @@ The following fields are available:
- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
- **RevisionNumber** The revision number of this specific piece of content.
-- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.).
- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
- **ShippingMobileOperator** The mobile operator that a device shipped on.
- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult).
@@ -4219,7 +4584,7 @@ The following fields are available:
- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
@@ -4240,7 +4605,7 @@ The following fields are available:
- **CmdLineArgs** Command line arguments passed in by the caller.
- **EventInstanceID** A globally unique identifier for the event instance.
- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **WUDeviceID** Unique device ID controlled by the software distribution client.
@@ -4279,7 +4644,7 @@ The following fields are available:
- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
@@ -4300,7 +4665,7 @@ The following fields are available:
- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete.
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
-- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Windows Store, etc.).
- **WUDeviceID** The unique device ID controlled by the software distribution client.
@@ -4334,6 +4699,296 @@ The following fields are available:
- **LinkSpeed** The adapter link speed.
+## Update events
+
+### Update360Telemetry.Revert
+
+This event sends data relating to the Revert phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the Revert phase.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RebootRequired** Indicates reboot is required.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **RevertResult** The result code returned for the Revert operation.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentCommit
+
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentDownloadRequest
+
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile.
+
+The following fields are available:
+
+- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted.
+- **DownloadRequests** Number of times a download was retried.
+- **ErrorCode** The error code returned for the current download request phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique ID for each flight.
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable.
+- **PackageCountOptional** Number of optional packages requested.
+- **PackageCountRequired** Number of required packages requested.
+- **PackageCountTotal** Total number of packages needed.
+- **PackageCountTotalCanonical** Total number of canonical packages.
+- **PackageCountTotalDiff** Total number of diff packages.
+- **PackageCountTotalExpress** Total number of express packages.
+- **PackageExpressType** Type of express package.
+- **PackageSizeCanonical** Size of canonical packages in bytes.
+- **PackageSizeDiff** Size of diff packages in bytes.
+- **PackageSizeExpress** Size of express packages in bytes.
+- **RangeRequestState** Indicates the range request type used.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the download request phase of update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentExpand
+
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ElapsedTickCount** Time taken for expand phase.
+- **EndFreeSpace** Free space after expand phase.
+- **EndSandboxSize** Sandbox size after expand phase.
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **StartFreeSpace** Free space before expand phase.
+- **StartSandboxSize** Sandbox size after expand phase.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentFellBackToCanonical
+
+This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PackageCount** Number of packages that feel back to canonical.
+- **PackageList** PackageIds which fell back to canonical.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInitialize
+
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **FlightMetadata** Contains the FlightId and the build being flighted.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInstall
+
+This event sends data for the install phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Correlation vector value generated from the latest USO scan.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** The result for the current install phase.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMerge
+
+The UpdateAgentMerge event sends data on the merge phase when updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current merge phase.
+- **FlightId** Unique ID for each flight.
+- **MergeId** The unique ID to join two update sessions being merged.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Related correlation vector value.
+- **Result** Outcome of the merge phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMitigationResult
+
+This event sends data indicating the result of each update agent mitigation.
+
+The following fields are available:
+
+- **Applicable** Indicates whether the mitigation is applicable for the current update.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightId** Unique identifier for each flight.
+- **Index** The mitigation index of this particular mitigation.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly name of the mitigation.
+- **ObjectId** Unique value for each Update Agent mode.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentMitigationSummary
+
+This event sends a summary of all the update agent mitigations available for an this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **Failed** The count of mitigations that failed.
+- **FlightId** Unique identifier for each flight.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments).
+- **Total** Total number of mitigations that were available.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **Mode** Indicates the mode that has started.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **Version** Version of update
+
+
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **Count** The count of applicable OneSettings for the device.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **Values** The values sent back to the device, if applicable.
+
+
+### Update360Telemetry.UpdateAgentPostRebootResult
+
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current post reboot phase.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PostRebootResult** Indicates the Hresult.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentReboot
+
+This event sends information indicating that a request has been sent to suspend an update.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current reboot.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentSetupBoxLaunch
+
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs.
+
+The following fields are available:
+
+- **ContainsExpressPackage** Indicates whether the download package is express.
+- **FlightId** Unique ID for each flight.
+- **FreeSpace** Free space on OS partition.
+- **InstallCount** Number of install attempts using the same sandbox.
+- **ObjectId** Unique value for each Update Agent mode.
+- **Quiet** Indicates whether setup is running in quiet mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **SandboxSize** Size of the sandbox.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **SetupMode** Mode of setup to be launched.
+- **UpdateId** Unique ID for each Update.
+- **UserSession** Indicates whether install was invoked by user actions.
+
+
## Upgrade events
### FacilitatorTelemetry.DCATDownload
@@ -4364,6 +5019,197 @@ The following fields are available:
- **Version** Version of Facilitator.
+### Setup360Telemetry.Downlevel
+
+This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the downlevel OS.
+- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
+- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors).
+- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** An ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
+
+
+### Setup360Telemetry.Finalize
+
+This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.OsUninstall
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PostRebootInstall
+
+This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
+
+
+### Setup360Telemetry.PreDownloadQuiet
+
+This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreDownloadUX
+
+This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **HostOSBuildNumber** The build number of the previous operating system.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system).
+- **InstanceId** Unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PreInstallQuiet
+
+This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreInstallUX
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.Setup360
+
+This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FieldName** Retrieves the data point.
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **ReportId** Retrieves the report ID.
+- **ScenarioId** Retrieves the deployment scenario.
+- **Value** Retrieves the value associated with the corresponding FieldName.
+
+
### Setup360Telemetry.Setup360DynamicUpdate
This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
@@ -4381,6 +5227,89 @@ The following fields are available:
- **TargetBuild** Build of the target OS.
+### Setup360Telemetry.Setup360MitigationResult
+
+This event sends data indicating the result of each setup mitigation.
+
+The following fields are available:
+
+- **Applicable** TRUE if the mitigation is applicable for the current update.
+- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightData** The unique identifier for each flight (test release).
+- **Index** The mitigation index of this particular mitigation.
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly (descriptive) name of the mitigation.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+
+
+### Setup360Telemetry.Setup360MitigationSummary
+
+This event sends a summary of all the setup mitigations available for this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Failed** The count of mitigations that failed.
+- **FlightData** The unique identifier for each flight (test release).
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **Total** The total number of mitigations that were available.
+
+
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Count** The count of applicable OneSettings for the device.
+- **FlightData** The ID for the flight (test instance version).
+- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **ReportId** The Update ID passed to Setup.
+- **Result** The HResult of the event error.
+- **ScenarioId** The update scenario ID.
+- **Values** Values sent back to the device, if applicable.
+
+
+### Setup360Telemetry.UnexpectedEvent
+
+This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
## Windows as a Service diagnostic events
### Microsoft.Windows.WaaSMedic.SummaryEvent
@@ -4407,6 +5336,50 @@ The following fields are available:
- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
+
+
+## Windows Update Delivery Optimization events
+
+### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
+
+This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **cdnHeaders** The HTTP headers returned by the CDN.
+- **cdnIp** The IP address of the CDN.
+- **cdnUrl** The URL of the CDN.
+- **errorCode** The error code that was returned.
+- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **httpStatusCode** The HTTP status code returned by the CDN.
+- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET
+- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
+- **requestOffset** The byte offset within the file in the sent request.
+- **requestSize** The size of the range requested from the CDN.
+- **responseSize** The size of the range response received from the CDN.
+- **sessionID** The ID of the download session.
+
+
## Windows Update events
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary
@@ -4525,6 +5498,32 @@ The following fields are available:
- **updateId** Unique identifier for each update.
+### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
+
+This event indicates that a notification dialog box is about to be displayed to user.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown.
+- **DaysSinceRebootRequired** Number of days since restart was required.
+- **DeviceLocalTime** The local time on the device sending the event.
+- **EngagedModeLimit** The number of days to switch between DTE dialog boxes.
+- **EnterAutoModeLimit** The maximum number of days for a device to enter Auto Reboot mode.
+- **ETag** OneSettings versioning value.
+- **IsForcedEnabled** Indicates whether Forced Reboot mode is enabled for this device.
+- **IsUltimateForcedEnabled** Indicates whether Ultimate Forced Reboot mode is enabled for this device.
+- **NotificationUxState** Indicates which dialog box is shown.
+- **NotificationUxStateString** Indicates which dialog box is shown.
+- **RebootUxState** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
+- **RebootUxStateString** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
+- **RebootVersion** Version of DTE.
+- **SkipToAutoModeLimit** The minimum length of time to pass in restart pending before a device can be put into auto mode.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time.
+
+
### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog
This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed..
@@ -4541,6 +5540,65 @@ The following fields are available:
- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
+
+This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time of the device sending the event.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that the user chose in this dialog box.
+- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
+
+This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** Time the dialog box was shown on the local device.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that user chose in this dialog box.
+- **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog
+
+This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The time at which the reboot reminder dialog was shown (based on the local device time settings).
+- **ETag** The OneSettings versioning value.
+- **ExitCode** Indicates how users exited the reboot reminder dialog box.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+- **UserResponseString** The option chosen by the user on the reboot dialog box.
+- **UtcTime** The time at which the reboot reminder dialog was shown (in UTC).
+
+
+### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
+
+This event indicates a policy is present that may restrict update activity to outside of active hours.
+
+The following fields are available:
+
+- **activeHoursEnd** The end of the active hours window.
+- **activeHoursStart** The start of the active hours window.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel
This event indicates that Windows Update activity was blocked due to low battery level.
@@ -4553,6 +5611,22 @@ The following fields are available:
- **wuDeviceid** Device ID.
+### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
+
+This event indicates the reboot was postponed due to needing a display.
+
+The following fields are available:
+
+- **displayNeededReason** Reason the display is needed.
+- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+
+
### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit
This event indicates that DTU completed installation of the electronic software delivery (ESD), when Windows Update was already in Pending Commit phase of the feature update.
@@ -4592,6 +5666,162 @@ The following fields are available:
- **wuDeviceid** The Windows Update device ID.
+### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
+
+This event indicates that the update is no longer applicable to this device.
+
+The following fields are available:
+
+- **EventPublishedTime** Time when this event was generated.
+- **flightID** The specific ID of the Windows Insider build.
+- **revisionNumber** Update revision number.
+- **updateId** Unique Windows Update ID.
+- **updateScenarioType** Update session type.
+- **UpdateStatus** Last status of update.
+- **UUPFallBackConfigured** Indicates whether UUP fallback is configured.
+- **wuDeviceid** Unique Device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
+
+This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows up to date.
+
+The following fields are available:
+
+- **EventPublishedTime** Time of the event.
+- **flightID** Unique update ID
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Install
+
+This event sends launch data for a Windows Update install to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **errorCode** The error code reppresented by a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** Unique update ID
+- **flightUpdate** Indicates whether the update is a Windows Insider build.
+- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates.
+- **IgnoreReasonsForRestart** The reason(s) a Postpone Restart command was ignored.
+- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress.
+- **installRebootinitiatetime** The time it took for a reboot to be attempted.
+- **interactive** Identifies if session is user initiated.
+- **minutesToCommit** The time it took to install updates.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.LowUptimes
+
+This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure.
+
+The following fields are available:
+
+- **availableHistoryMinutes** The number of minutes available from the local machine activity history.
+- **isLowUptimeMachine** Is the machine considered low uptime or not.
+- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime.
+- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime.
+- **uptimeMinutes** Number of minutes of uptime measured.
+- **wuDeviceid** Unique device ID for Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
+
+This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date.
+
+The following fields are available:
+
+- **externalOneshotupdate** The last time a task-triggered scan was completed.
+- **interactiveOneshotupdate** The last time an interactive scan was completed.
+- **oldlastscanOneshotupdate** The last time a scan completed successfully.
+- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID).
+
+
+### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
+
+This event is generated before the shutdown and commit operations.
+
+The following fields are available:
+
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### Microsoft.Windows.Update.Orchestrator.RebootFailed
+
+This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **EventPublishedTime** The time that the reboot failure occurred.
+- **flightID** Unique update ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours.
+- **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RefreshSettings
+
+This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** Hex code for the error message, to allow lookup of the specific error.
+- **settingsDownloadTime** Timestamp of the last attempt to acquire settings.
+- **settingsETag** Version identifier for the settings.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
+
+This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date.
+
+The following fields are available:
+
+- **RebootTaskMissedTimeUTC** The time when the reboot task was scheduled to run, but did not.
+- **RebootTaskNextTimeUTC** The time when the reboot task was rescheduled for.
+- **RebootTaskRestoredTime** Time at which this reboot task was restored.
+- **wuDeviceid** Device ID for the device on which the reboot is restored.
+
+
+### Microsoft.Windows.Update.Orchestrator.ScanTriggered
+
+This event indicates that Update Orchestrator has started a scan operation.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current scan operation.
+- **eventScenario** Indicates the purpose of sending this event.
+- **interactive** Indicates whether the scan is interactive.
+- **isDTUEnabled** Indicates whether DTU (internal abbreviation for Direct Feature Update) channel is enabled on the client system.
+- **isScanPastSla** Indicates whether the SLA has elapsed for scanning.
+- **isScanPastTriggerSla** Indicates whether the SLA has elapsed for triggering a scan.
+- **minutesOverScanSla** Indicates how many minutes the scan exceeded the scan SLA.
+- **minutesOverScanTriggerSla** Indicates how many minutes the scan exceeded the scan trigger SLA.
+- **scanTriggerSource** Indicates what caused the scan.
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.StickUpdate
This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update.
@@ -4602,6 +5832,22 @@ The following fields are available:
- **wuDeviceid** Unique device ID controlled by the software distribution client.
+### Microsoft.Windows.Update.Orchestrator.SystemNeeded
+
+This event sends data about why a device is unable to reboot, to help keep Windows up to date.
+
+The following fields are available:
+
+- **eventScenario** End-to-end update session ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **systemNeededReason** List of apps or tasks that are preventing the system from restarting.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours
This event indicates that update activity was stopped due to active hours starting.
@@ -4636,6 +5882,111 @@ The following fields are available:
- **wuDeviceid** Unique device ID controlled by the software distribution client.
+### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
+
+This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **configuredPoliciescount** Number of policies on the device.
+- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight).
+- **policyCacherefreshtime** Time when policy cache was refreshed.
+- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
+
+This event sends data about whether an update required a reboot to help keep Windows up to date.
+
+The following fields are available:
+
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
+
+This event sends information about an update that encountered problems and was not able to complete.
+
+The following fields are available:
+
+- **errorCode** The error code encountered.
+- **wuDeviceid** The ID of the device in which the error occurred.
+
+
+### Microsoft.Windows.Update.Orchestrator.UsoSession
+
+This event represents the state of the USO service at start and completion.
+
+The following fields are available:
+
+- **activeSessionid** A unique session GUID.
+- **eventScenario** The state of the update action.
+- **interactive** Is the USO session interactive?
+- **lastErrorcode** The last error that was encountered.
+- **lastErrorstate** The state of the update when the last error was encountered.
+- **sessionType** A GUID that refers to the update session type.
+- **updateScenarioType** A descriptive update session type.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
+
+This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
+- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed.
+- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs.
+- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode.
+- **ETag** The Entity Tag that represents the OneSettings version.
+- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device.
+- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device.
+- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending.
+- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode.
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
+
+This event is sent when a security update has successfully completed.
+
+The following fields are available:
+
+- **UtcTime** The Coordinated Universal Time that the restart was no longer needed.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
+
+This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **activeHoursApplicable** Indicates whether Active Hours applies on this device.
+- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled.
+- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
+- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise.
+- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
+- **rebootState** Current state of the reboot.
+- **rebootUsingSmartScheduler** Indicates that the reboot is scheduled by SmartScheduler.
+- **revisionNumber** Revision number of the OS.
+- **scheduledRebootTime** Time scheduled for the reboot.
+- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC.
+- **updateId** Identifies which update is being scheduled.
+- **wuDeviceid** Unique DeviceID
+
+
### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask
This event is sent when MUSE broker schedules a task.
@@ -4646,4 +5997,73 @@ The following fields are available:
- **TaskName** Name of the task.
+### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
+
+This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up to date.
+
+The following fields are available:
+
+- **activeHoursApplicable** Is the restart respecting Active Hours?
+- **IsEnhancedEngagedReboot** TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE.
+- **rebootArgument** The arguments that are passed to the OS for the restarted.
+- **rebootOutsideOfActiveHours** Was the restart scheduled outside of Active Hours?
+- **rebootScheduledByUser** Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
+- **rebootState** The state of the restart.
+- **rebootUsingSmartScheduler** TRUE if the reboot should be performed by the Smart Scheduler. Otherwise, FALSE.
+- **revisionNumber** The revision number of the OS being updated.
+- **scheduledRebootTime** Time of the scheduled reboot
+- **scheduledRebootTimeInUTC** Time of the scheduled restart, in Coordinated Universal Time.
+- **updateId** The Windows Update device GUID.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+## Windows Update mitigation events
+
+### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
+
+This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates.
+
+The following fields are available:
+
+- **ClientId** Unique identifier for each flight.
+- **FlightId** Unique GUID that identifies each instances of setuphost.exe.
+- **InstanceId** The update scenario in which the mitigation was executed.
+- **MitigationScenario** Number of mounted images.
+- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT.
+- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed.
+- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed.
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT.
+- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan.
+- **RelatedCV** HResult of this operation.
+- **Result** ID indicating the mitigation scenario.
+- **ScenarioId** Indicates whether the scenario was supported.
+- **ScenarioSupported** Unique value for each update attempt.
+- **SessionId** Unique ID for each Update.
+- **UpdateId** Unique ID for the Windows Update client.
+- **WuId** Unique ID for the Windows Update client.
+
+
+### Mitigation360Telemetry.MitigationCustom.FixupEditionId
+
+This event sends data specific to the FixupEditionId mitigation used for OS updates.
+
+The following fields are available:
+
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **EditionIdUpdated** Determine whether EditionId was changed.
+- **FlightId** Unique identifier for each flight.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **ProductEditionId** Expected EditionId value based on GetProductInfo.
+- **ProductType** Value returned by GetProductInfo.
+- **RegistryEditionId** EditionId value in the registry.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **WuId** Unique ID for the Windows Update client.
+
+
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 865d98939f..3ac0a072a3 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -18,6 +18,7 @@ ms.date: 06/05/2018
- Windows 10 Enterprise, version 1607 and newer
- Windows Server 2016
+- Windows Server 2019
If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
@@ -43,6 +44,12 @@ Note that **Get Help** and **Give us Feedback** links no longer work after the W
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
+## What's new in Windows 10, version 1809 Enterprise edition
+
+Here's a list of changes that were made to this article for Windows 10, version 1809:
+
+- Added a policy to disable Windows Defender SmartScreen
+
## What's new in Windows 10, version 1803 Enterprise edition
Here's a list of changes that were made to this article for Windows 10, version 1803:
@@ -99,19 +106,19 @@ The following table lists management options for each setting, beginning with Wi
| Setting | UI | Group Policy | MDM policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | | | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | |  | |
| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  | |
| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
-| [4. Device metadata retrieval](#bkmk-devinst) | |  | |  | |
-| [5. Find My Device](#find-my-device) | |  | | | |
-| [6. Font streaming](#font-streaming) | |  | |  | |
+| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |  | |
+| [5. Find My Device](#find-my-device) |  |  | |  | |
+| [6. Font streaming](#font-streaming) | |  |  |  | |
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
| [9. Live Tiles](#live-tiles) | |  | |  | |
| [10. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
| [11. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
| [12. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
-| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  | |  | |
+| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
| [14. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
| [15. OneDrive](#bkmk-onedrive) | |  | |  | |
| [16. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
@@ -142,6 +149,7 @@ The following table lists management options for each setting, beginning with Wi
| [21. Teredo](#bkmk-teredo) | |  | |  |  |
| [22. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
| [23. Windows Defender](#bkmk-defender) | |  |  |  | |
+| [23.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
| [24. Windows Media Player](#bkmk-wmp) |  | | | |  |
| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
@@ -202,6 +210,63 @@ See the following table for a summary of the management settings for Windows Ser
| [21. Teredo](#bkmk-teredo) | |  |
| [28. Windows Update](#bkmk-wu) |  | |
+### Settings for Windows Server 2019
+
+See the following table for a summary of the management settings for Windows Server 2019.
+
+| Setting | UI | Group Policy | MDM policy | Registry | Command line |
+| - | :-: | :-: | :-: | :-: | :-: |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | |  | |
+| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  | |
+| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
+| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |  | |
+| [5. Find My Device](#find-my-device) |  |  | |  | |
+| [6. Font streaming](#font-streaming) | |  |  |  | |
+| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
+| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
+| [9. Live Tiles](#live-tiles) | |  | |  | |
+| [10. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
+| [11. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
+| [12. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
+| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
+| [14. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
+| [15. OneDrive](#bkmk-onedrive) | |  | |  | |
+| [16. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
+| [17. Settings > Privacy](#bkmk-settingssection) | | | | | |
+| [17.1 General](#bkmk-general) |  |  |  |  | |
+| [17.2 Location](#bkmk-priv-location) |  |  |  |  | |
+| [17.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
+| [17.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
+| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
+| [17.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
+| [17.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
+| [17.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
+| [17.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
+| [17.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
+| [17.11 Email](#bkmk-priv-email) |  |  |  |  | |
+| [17.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
+| [17.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
+| [17.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
+| [17.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
+| [17.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
+| [17.17 Background apps](#bkmk-priv-background) |  |  |  | | |
+| [17.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
+| [17.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
+| [17.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
+| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
+| [19. Storage Health](#bkmk-storage-health) | |  | | | |
+| [20. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
+| [21. Teredo](#bkmk-teredo) | |  | |  |  |
+| [22. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
+| [23. Windows Defender](#bkmk-defender) | |  |  |  | |
+| [23.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
+| [24. Windows Media Player](#bkmk-wmp) |  | | | |  |
+| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
+| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
+| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
+| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
+| [28. Windows Update](#bkmk-wu) |  |  |  | | |
+
## How to configure each setting
Use the following sections for more information about how to configure each setting.
@@ -336,9 +401,17 @@ After that, configure the following:
### 4. Device metadata retrieval
-To prevent Windows from retrieving device metadata from the Internet, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Prevent device metadata retrieval from the Internet**.
+To prevent Windows from retrieving device metadata from the Internet:
-You can also create a new REG\_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one).
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Prevent device metadata retrieval from the Internet**.
+
+ -or -
+
+- Create a new REG\_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one).
+
+ -or -
+
+- Apply the DeviceInstallation/PreventDeviceMetadataFromNetwork MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork).
### 5. Find My Device
@@ -608,7 +681,7 @@ You can turn off NCSI by doing one of the following:
- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests**
-- In Windows 10, version 1703 and later, apply the Connectivity/DisallowNetworkConnectivityActiveTests MDM policy.
+- In Windows 10, version 1703 and later, apply the Connectivity/DisallowNetworkConnectivityActiveTests MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) with a value of 1.
> [!NOTE]
> After you apply this policy, you must restart the device for the policy setting to take effect.
@@ -879,31 +952,13 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros
-or-
-- In Windows Server 2016, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge** > **Configure SmartScreen Filter**.
- In Windows 10, version 1703, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge** > **Configure Windows Defender SmartScreen Filter**.
-
- In Windows Server 2016, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **File Explorer** > **Configure Windows SmartScreen**.
- In Windows 10, version 1703 , apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **File Explorer** > **Configure Windows Defender SmartScreen**.
-
- -or-
-
-- Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
-
- -or-
-
- Create a provisioning package, using:
-
- - For Internet Explorer: **Runtime settings** > **Policies** > **Browser** > **AllowSmartScreen**
-
- - For Microsoft Edge: **Runtime settings** > **Policies** > **MicrosoftEdge** > **AllowSmartScreen**
+ - For Internet Explorer: **Runtime settings > Policies > Browser > AllowSmartScreen**
+ - For Microsoft Edge: **Runtime settings > Policies > MicrosoftEdge > AllowSmartScreen**
-or-
-- Create a REG\_DWORD registry setting named **EnableWebContentEvaluation** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost** with a value of 0 (zero).
-
- -or-
-
-- Create a REG\_DWORD registry setting named **EnableSmartScreen** in **HKEY\_LOCAL\_MACHINE\\Sofware\\Policies\\Microsoft\\Windows\\System** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **EnableWebContentEvaluation** in **HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost** with a value of 0 (zero).
To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
@@ -1793,6 +1848,36 @@ For Windows 10 only, you can stop Enhanced Notifications:
You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
+### 23.1 Windows Defender SmartScreen
+
+To disable Windows Defender Smartscreen:
+
+- In Group Policy, configure - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** : **Disable**
+
+ -or-
+
+- **Computer Configuration > Administrative Templates > Windows Components > File Explorer > Configure Windows Defender SmartScreen** : **Disable**
+
+ -and-
+
+- **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure app install control** : **Enable**
+
+ -or-
+
+- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\Sofware\Policies\Microsoft\Windows\System** with a value of 0 (zero).
+
+ -and-
+
+- Create a REG_DWORD registry setting named **ConfigureAppInstallControlEnabled** in **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen** with a value of 1.
+
+ -and-
+
+- Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen** with a value of **Anywhere**.
+
+ -or-
+
+- Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
+
### 24. Windows Media Player
To remove Windows Media Player on Windows 10:
diff --git a/windows/privacy/manage-windows-endpoints.md b/windows/privacy/manage-windows-endpoints.md
index 721814aabe..c324f877dd 100644
--- a/windows/privacy/manage-windows-endpoints.md
+++ b/windows/privacy/manage-windows-endpoints.md
@@ -145,13 +145,9 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Certificates
-The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
+The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
-| Source process | Protocol | Destination | Applies from Windows 10 version |
-|----------------|----------|------------|----------------------------------|
-| svchost | HTTP | ctldl.windowsupdate.com | 1709 |
-
-The following endpoints are used to download certificates that are publicly known to be fraudulent.
+Additionally, it is used to download certificates that are publicly known to be fraudulent.
These settings are critical for both Windows security and the overall security of the Internet.
We do not recommend blocking this endpoint.
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index 29580800e7..d536281716 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: Justinha
-ms.date: 10/27/2017
+ms.date: 11/06/2018
---
# Overview of BitLocker Device Encryption in Windows 10
@@ -14,7 +14,7 @@ ms.date: 10/27/2017
**Applies to**
- Windows 10
-This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10.
+This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10.
For an architectural overview about how BitLocker Device Encryption works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview).
For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md).
@@ -84,13 +84,13 @@ Exercise caution when encrypting only used space on an existing volume on which
SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives.
Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements.
-For more information about encrypted hard drives, see [Encrypted Hard Drive](/windows/security/hardware-protection/encrypted-hard-drive.md).
+For more information about encrypted hard drives, see [Encrypted Hard Drive](../encrypted-hard-drive.md).
## Preboot information protection
An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it.
It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided.
-Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md) and [Choose the right BitLocker countermeasure](choose-the-right-bitlocker-countermeasure.md).
+Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md).
## Manage passwords and PINs
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index 8ce020a25f..33ec5598fe 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
ms.author: justinha
-ms.date: 06/18/2018
+ms.date: 11/08/2018
ms.localizationpriority: medium
---
@@ -24,6 +24,10 @@ With the increase of employee-owned devices in the enterprise, there’s also an
Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
+## Video: Protect enterprise data from being accidentally copied to the wrong place
+
+> [!Video https://www.microsoft.com/en-us/videoplayer/embed/RE2IGhh]
+
## Prerequisites
You’ll need this software to run WIP in your enterprise:
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
index 0f59fcfe7b..8bb9b2c5d5 100644
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@@ -97,4 +97,4 @@ Here, you can copy the **WipAppid** and use it to adjust your WIP protection pol
When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes)
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index dfa28ec177..c318406475 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -1,5 +1,5 @@
---
-title: Change history for Windows Defender Advanced Threat Protection (Windows Defender ATP)
+title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
description: This topic lists new and updated topics in the WWindows Defender ATP content set.
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 090b0c62f7..028116204e 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -13,7 +13,7 @@ ms.date: 10/04/2018
---
# Threat Protection
-Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
+[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
Windows Defender ATP
@@ -63,8 +63,8 @@ To further reinforce the security perimeter of your network, Windows Defender AT
-**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
-Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
+**[Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
- [Alerts](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
- [Historical endpoint data](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
diff --git a/windows/security/threat-protection/intelligence/images/PrevalentMalware-67-percent.png b/windows/security/threat-protection/intelligence/images/PrevalentMalware-67-percent.png
deleted file mode 100644
index 8e2221a40b..0000000000
Binary files a/windows/security/threat-protection/intelligence/images/PrevalentMalware-67-percent.png and /dev/null differ
diff --git a/windows/security/threat-protection/intelligence/images/PrevalentMalware.png b/windows/security/threat-protection/intelligence/images/PrevalentMalware.png
new file mode 100644
index 0000000000..8d93b4ed9d
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/PrevalentMalware.png differ
diff --git a/windows/security/threat-protection/intelligence/images/PrevalentMalware0818.png b/windows/security/threat-protection/intelligence/images/PrevalentMalware0818.png
deleted file mode 100644
index 8e3fb0cfde..0000000000
Binary files a/windows/security/threat-protection/intelligence/images/PrevalentMalware0818.png and /dev/null differ
diff --git a/windows/security/threat-protection/intelligence/images/RealWorld-67-percent.png b/windows/security/threat-protection/intelligence/images/RealWorld-67-percent.png
deleted file mode 100644
index 9e011c0e6a..0000000000
Binary files a/windows/security/threat-protection/intelligence/images/RealWorld-67-percent.png and /dev/null differ
diff --git a/windows/security/threat-protection/intelligence/images/RealWorld.png b/windows/security/threat-protection/intelligence/images/RealWorld.png
new file mode 100644
index 0000000000..82b7983c38
Binary files /dev/null and b/windows/security/threat-protection/intelligence/images/RealWorld.png differ
diff --git a/windows/security/threat-protection/intelligence/images/RealWorld0818.png b/windows/security/threat-protection/intelligence/images/RealWorld0818.png
deleted file mode 100644
index f1768f8187..0000000000
Binary files a/windows/security/threat-protection/intelligence/images/RealWorld0818.png and /dev/null differ
diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
index 5f2f3fbb28..34297ac109 100644
--- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
+++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
@@ -1,14 +1,14 @@
---
title: Top scoring in industry antivirus tests
description: Windows Defender Antivirus consistently achieves high scores in independent tests. View the latest scores and analysis.
-keywords: security, malware, av-comparatives, av-test, av, antivirus
+keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, defender, scores
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
ms.localizationpriority: medium
ms.author: ellevin
author: levinec
-ms.date: 09/05/2018
+ms.date: 11/07/2018
---
# Top scoring in industry antivirus tests
@@ -18,20 +18,22 @@ ms.date: 09/05/2018
We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections.
In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender Antivirus is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies.
-
-> [!TIP]
-> Learn why [Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise?ocid=cx-docs-avreports).
-
## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
+> [!NOTE]
+> [Download our latest analysis: Examining the AV-TEST July-August results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y)
-### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) **Latest**
+### July-August 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2018/microsoft-windows-defender-antivirus-4.12--4.18-183212/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y)
- Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware").
+ Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 20,022 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 14 of the 16 most recent antivirus tests (combined "Real-World" and "Prevalent malware").
+
+### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports)
+
+ Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples.
### March-April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)
@@ -43,26 +45,31 @@ Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with
|||
|---|---|
-|||
+|||
-## AV-Comparatives: Perfect protection rating of 100% in the latest test
+## AV-Comparatives: Protection rating of 99.8% in the latest test
AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions.
-### Real-World Protection Test July (Consumer): [Protection Rate 100%](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/) **Latest**
+### Real-World Protection Test August - September (Enterprise): [Protection Rate 99.8%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-august-september-2018-testresult/) **Latest**
-The results are based on testing against 186 malicious URLs that have working exploits or point directly to malware.
+This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online.
+The test set contained 599 test cases (such as malicious URLs).
+
+### Malware Protection Test August 2018 (Enterprise): [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-august-2018-testresult/)
+
+This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. The results are based on testing against 1,556 malware samples.
### Real-World Protection Test March - June (Enterprise): [Protection Rate 98.7%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-march-june-2018-testresult/)
-This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online.
+The test set contained 1,163 test cases (such as malicious URLs).
### Malware Protection Test March 2018 (Enterprise): [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/)
-This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution.
+For this test, 1,470 recent malware samples were used.
[Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/)
diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md
index 5daf338deb..2f819e06b0 100644
--- a/windows/security/threat-protection/intelligence/understanding-malware.md
+++ b/windows/security/threat-protection/intelligence/understanding-malware.md
@@ -16,7 +16,7 @@ Malware is a term used to describe malicious applications and code that can caus
Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims.
-As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Windows Defender Advanced Threat Protection (Windows Defender ATP), businesses can stay protected with next-generation protection and other security capabilities.
+As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf), businesses can stay protected with next-generation protection and other security capabilities.
For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic.
diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md
index b76c90029c..c9e7ce8541 100644
--- a/windows/security/threat-protection/intelligence/worms-malware.md
+++ b/windows/security/threat-protection/intelligence/worms-malware.md
@@ -25,7 +25,7 @@ Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have
* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. We’ve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
-* **Bondat** typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as device name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
+* **Bondat** typically arrives through fictitious Nullsoft Scriptable Install System (NSIS), Java installers, and removable drives. When Bondat infects a system, it gathers information about the machine such as device name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing, they try to avoid detection by security software.
@@ -45,4 +45,4 @@ Download [Microsoft Security Essentials](https://www.microsoft.com/download/deta
In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
-For more general tips, see [prevent malware infection](prevent-malware-infection.md).
\ No newline at end of file
+For more general tips, see [prevent malware infection](prevent-malware-infection.md).
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
index c481a744c3..1478eafa69 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
@@ -18,7 +18,7 @@ ms.date: 10/11/2018
Describes the Account Lockout Policy settings and links to information about each policy setting.
-Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error. Windows domain controllers keep track of logon attempts, and domain controllers can be configured to respond to this type of potential attack by disabling the account for a preset period of time. Account Lockout Policy settings control the threshold for this response and the actions to be taken after the threshold is reached. The Account Lockout Policy settings can be configured in the following location in the Group Policy Management Console: **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Account Lockout Policy**.
+Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error. Windows domain controllers keep track of logon attempts, and domain controllers can be configured to respond to this type of potential attack by disabling the account for a preset period of time. Account Lockout Policy settings control the threshold for this response and the actions to be taken after the threshold is reached. The Account Lockout Policy settings can be configured in the following location in the Group Policy Management Console: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Account Lockout Policy**.
The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
index 2e776ea30d..06978674b3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index 5544020384..cad1984faf 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can perform various Windows Defender Antivirus functions with the dedicated command-line tool mpcmdrun.exe.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
index c11220d5fc..2af6cfcbc3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can manage and configure Windows Defender Antivirus with the following tools:
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
index a1880dbc92..b916b9c91e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
@@ -19,7 +19,7 @@ ms.date: 10/25/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
**Use Microsoft Intune to configure scanning options**
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
index 47b577521b..8f34c26265 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Block at first sight is a feature of next gen protection that provides a way to detect and block new malware within seconds.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
index c4712bd823..e78a18862c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md).
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
index a4e4d1798a..f467dac2b6 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can configure how users of the endpoints on your network can interact with Windows Defender Antivirus.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
index 05da87967e..ca5c66c4f2 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 7dc4b3d1f6..8292217735 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
index e948b58760..833abbcaff 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
By default, Windows Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index e993bcf60f..922fb0f10d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 10/08/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
index d6806de77b..8a98cffbc7 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
index 268fccc556..320078778c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can exclude files that have been opened by specific processes from Windows Defender Antivirus scans.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
index 61d9ada7c2..acb2c79bcf 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus uses several methods to provide threat protection:
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
index 72d4740064..801b935d4e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
index d14d383af2..35159b5198 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
index 497772dfde..d7c05e739f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus on Windows Server 2016 computers automatically enrolls you in certain exclusions, as defined by your specified server role. See [the end of this topic](#list-of-automatic-exclusions) for a list of these exclusions.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
index 03b6bf2fc1..1451728ecf 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can configure Windows Defender Antivirus with a number of tools, including:
diff --git a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
index fd8a577fc1..ae4eee36d6 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Windows Defender Antivirus scans.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
index 6d27b50ff2..38147632bc 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can deploy, manage, and report on Windows Defender Antivirus in a number of ways.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
index 6efcc0eeef..59b048bfda 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender Antivirus protection.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
index d330eff104..781b5ba5d5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
In addition to standard on-premises or hardware configurations, you can also use Windows Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index b149805427..475e161a65 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 660a9ce1eb..bc76dcf3d8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>[!NOTE]
>The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
index 743d2497f8..e40b93abd1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Use this guide to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
index 942585308e..923a59f0ba 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
@@ -20,7 +20,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
index cae61f23dc..6b53608726 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
index 6bc628a553..7639c8e05b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
index adec043210..bb3a6e46d7 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus lets you determine when it should look for and download updates.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index 4d2fb15044..24e05dd41a 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
index 8fb1e91905..c1d9aad15b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
There are two types of updates related to keeping Windows Defender Antivirus up to date:
1. Protection updates
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
index ee85e54424..4ea81cd37f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Mobile devices and VMs may require additional configuration to ensure performance is not impacted by updates.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
index eeb27d5a8f..880d56c9e3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can use Group Policy to prevent users on endpoints from seeing the Windows Defender Antivirus interface. You can also prevent them from pausing scans.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
index ccf84b466b..efa0d8b522 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
index adc59b2fe8..569d88a51c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
If Windows Defender Antivirus is configured to detect and remediate threats on your device, Windows Defender Antivirus quarantines suspicious files. If you are certain these files do not present a threat, you can restore them.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
index 5ffb2c076c..c75f970b7b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-windows-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-windows-defender-antivirus.md), the results are recorded and you can view the results.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
index 92f95ad535..7f0a6d6037 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
index ae3d1249f9..d62ac289fe 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
> [!NOTE]
> By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
index df9e3937bc..fe11787198 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
index 28d9cb0243..d1ae21771c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
index a40df9b551..d23df5b8f1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/11/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
If you encounter a problem with Windows Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
index e5cfbb322b..6581b10ed3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Windows Defender Antivirus on your endpoints.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
index d453a5b349..89cf104935 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
If you are using System Center Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Windows Defender Antivirus scans.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
index 8501bb8163..25ca31aa0a 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration, and you can read more about it at the [PowerShell hub on MSDN](https://msdn.microsoft.com/powershell/mt173057.aspx).
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
index e0542aea06..0ae7bc9771 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
index 3c436236fe..aebdd79b52 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 406a5296f8..97655419cf 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index ee54572b4c..7e7820edbb 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index 729d413d7f..e0ce8b36b5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
index 3304f1be1d..b705e33977 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
index e296c871c2..ca5529dfa1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 026ca31daa..3579ace8b1 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -13,7 +13,7 @@ ms.date: 10/17/2017
# Configure Windows Defender Application Guard policy settings
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index 06a0ab7b13..0c72267505 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -13,7 +13,7 @@ ms.date: 11/07/2017
# Frequently asked questions - Windows Defender Application Guard
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
index 11d81398e4..bcc683e524 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
@@ -14,7 +14,7 @@ ms.date: 10/19/2017
# Prepare to install Windows Defender Application Guard
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
## Review system requirements
diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index e60978932b..72eb82edac 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@@ -13,7 +13,7 @@ ms.date: 11/09/2017
# System requirements for Windows Defender Application Guard
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
index e7f9fe2f97..511904d283 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
@@ -14,7 +14,7 @@ ms.date: 10/16/2018
# Application Guard testing scenarios
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
index de2039986d..b4f08ff71c 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@@ -13,7 +13,7 @@ ms.date: 09/07/2018
# Windows Defender Application Guard overview
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete.
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 0e82c47568..b887fd19b7 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/28/2018
# Configure advanced features in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
index d215d46fec..046e911ac9 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
index f12506e54b..dcda5f43d8 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 06/01/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index cc70b589cc..182eacc7b7 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# View and organize the Windows Defender Advanced Threat Protection Alerts queue
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
index 385dfdea3a..421206a7f9 100644
--- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 10/16/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index 0bd1a15c11..700bbaef2b 100644
--- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 09/03/2018
**Applies to:**
- Azure Active Directory
- Office 365
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
index ab1b1ae399..f54267ebfe 100644
--- a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 28/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
index 9835695e87..11611c7741 100644
--- a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 09/13/2018
**Applies to:**
- Azure Active Directory
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md
index 72e077f259..64f4c8d321 100644
--- a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
index c2b79d845d..4b525298cf 100644
--- a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# Check sensor health state in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md
index 652f48b580..74df3d6aa3 100644
--- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
index 4221621c34..4561797028 100644
--- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 04/24/2018
# Access the Windows Defender ATP Community Center
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
index 72d6473f97..4e24ca1381 100644
--- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# Enable conditional access to better protect users, devices, and data
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index fabaf74f07..b3d5cbfb91 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 10/16/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md
index eae78c84fa..2c223e0718 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md
@@ -16,7 +16,7 @@ ms.date: 09/03/2018
# Configure conditional access in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
This section guides you through all the steps you need to take to properly implement conditional access.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 16d4c73d26..94c5bfc2d5 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 10/08/2018
# Configure alert notifications in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 3ca88add4f..9b791272a5 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -20,7 +20,7 @@ ms.date: 04/24/2018
- Group Policy
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 25afed579f..e0c41580fa 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 09/19/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
index e5fa2adf95..3702b187d3 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 10/03/2018
- macOS
- Linux
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index 6758d81fd7..707a5887a8 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
- System Center 2012 Configuration Manager or later versions
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index 04ac622d7d..69bb28ccaa 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index 8a41625b88..8371836083 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 07/12/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
index 1dfed290f7..cbff3e3945 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Configure managed security service provider integration
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 4b2c89021e..c7d9e056c4 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 09/12/2018
# Configure machine proxy and Internet connectivity settings
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index d4ac2f4f15..32cc18106d 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -21,7 +21,7 @@ ms.date: 11/02/2018
- Windows Server 2016
- Windows Server, version 1803
- Windows Server, 2019
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index 84bdc39057..e2c82a3cc0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 10/16/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index b9cd80ca8b..09b8cf9087 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 10/16/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
index ae04f96b3d..60545d5706 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
@@ -17,7 +17,7 @@ ms.date: 10/29/2018
# Create custom detections rules
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
1. In the navigation pane, select **Advanced hunting**.
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index 6f9e0fb968..8bc7172555 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
index 44863a8a91..0232707da6 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index d06e1d8c9d..c2a6e3f9c3 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/07/2018
# Windows Defender ATP data storage and privacy
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index ece3b28679..420fba6b8f 100644
--- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -20,7 +20,7 @@ ms.date: 04/24/2018
- Windows Defender
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index 1010fe1684..f13739ad9c 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
index 1e416dcaa7..e88f1959d0 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index d160ae5c3a..fbe3783a63 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 10/08/2018
# Enable SIEM integration in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md b/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md
index 439774a08a..3422e6cbff 100644
--- a/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md
@@ -15,7 +15,7 @@ ms.date: 08/10/2018
---
# Evaluate Windows Defender ATP
-Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
+[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
You can evaluate Windows Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp).
diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
index 4f2681cf36..7d43f2c2a2 100644
--- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -21,7 +21,7 @@ ms.date: 05/21/2018
- Event Viewer
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index e0399dc1d9..8aeb2539ee 100644
--- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 11/09/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
index eac2742849..82d6912c6d 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md
@@ -14,13 +14,16 @@ ms.localizationpriority: medium
ms.date: 10/23/2017
---
-# Use the Windows Defender ATP exposed APIs (deprecated)
+# Use the Windows Defender ATP exposed APIs
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[!include[Deprecated information](deprecate.md)]
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
index 5974e121b7..f1e846309d 100644
--- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 07/25/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index 40fc4f997e..77d40948be 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 10/23/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
index ec9f519881..ac3608c9c2 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
index 16010ba485..c0ff5a988c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
index d8cd27dd7d..70160a3b2c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
index 2a049c64c1..99fcbab5bf 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
index 7b825cf3ec..d0cfda9671 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
index d681a939d0..cc2ec68bf7 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
index 427b38fbc0..fba77be35c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
index 7fa4c673aa..a9abbd55bb 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
index c71ce9e99c..cd9221b4db 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
index 732a7dd638..30daf66f8c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
index 8b5aa9abb1..ae59bae72e 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 10/07/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Retrieves a map of CVE's to KB's and CVE details.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
index 0c1c17341b..4d2cd0fc45 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
index a6dfe98ede..9995b7a57f 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
index 8d265979a9..7cab84b5fb 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
index f3e92c3b44..9683f68898 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
index 7227e523a1..3967df849d 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
index 58acadd2db..dc8a07b552 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
index 61fe8bb892..e7b702fac8 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md
index da4788db25..b83bae0e6d 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md
index fcbc93f374..5fc6065ee7 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md
index 6ea128b5a6..b00ad9d909 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
index fbb65ecc84..3502e90557 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
index 5134bd1653..04783ac39e 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
index 60756f6400..700a3ded7d 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 10/07/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Retrieves a collection of KB's and KB details.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
index 617edd5dff..66f525a094 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
index 367979aab5..13530b98e5 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
index a3b0ac56d8..4803e86973 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md
index dd58f432f7..b3ed113094 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md
index 2c7d313be8..0983daee3c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
index 1d2ab14e01..d98a86a488 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 10/07/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Retrieves a collection of RBAC machine groups.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
index 7a76745b39..2aae8e0d5d 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
index 1b3f4fe295..8880d2c1b8 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 10/07/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Retrieves a collection of machines security states.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md
index a8b8f3e44b..688491a75d 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-started.md b/windows/security/threat-protection/windows-defender-atp/get-started.md
index 0d0972f0bd..08d0bcb99e 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-started.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-started.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Get started with Windows Defender Advanced Threat Protection
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
index a4e00ae976..86880c519e 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
index d6bdcda7a0..6ea6b78d52 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
index 0f8ffbd1ed..11f719ebd8 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png b/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png
index 5f0e1199b6..afff6b7093 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png b/windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png
index d980fc4ed9..233b126c5b 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
index fa6a121754..01abcc2317 100644
--- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
+++ b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
@@ -16,7 +16,7 @@ ms.date: 10/08/2018
# Incidents queue in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
index 56ea8cdf4a..55f697cb46 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
@@ -54,14 +54,11 @@ Some actor profiles include a link to download a more comprehensive threat intel
The detailed alert profile helps you understand who the attackers are, who they target, what techniques, tools, and procedures (TTPs) they use, which geolocations they are active in, and finally, what recommended actions you may take. In many cases, you can download a more detailed Threat Intelligence report about this attacker or campaign for offline reading.
## Alert process tree
-The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence, together with other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page.
+The **Alert process tree** takes alert triage and investigation to the next level, displaying the aggregated alert and surrounding evidence that occurred within the same execution context and time period. This rich triage and investigation context is available on the alert page.
-The **Alert process tree** expands to display the execution path of the alert, its evidence, and related events that occurred in the minutes - before and after - the alert.
-
-The alert and related events or evidence have circles with thunderbolt icons inside them.
-
+The **Alert process tree** expands to display the execution path of the alert and related evidence that occurred around the same period. Items marked with a thunderbolt icon should be given priority during investigation.
>[!NOTE]
>The alert process tree might not be available in some alerts.
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
index 65acd1c33c..3529488b89 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
index d680bef4c2..196e04a38f 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
index bac3bc4093..464c9131b9 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 10/08/2018
# Investigate incidents in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
index 44daae5c16..0a5384f47f 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
index f9145a0e27..2c1fdf3100 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/18/2018
# Investigate machines in the Windows Defender ATP Machines list
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
index dcbc200193..7850ace854 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
index f0f44e04b4..42887d7fa8 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md
index 30ef2ffba1..c7b6c877d3 100644
--- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index 002cb3f3e8..3e8115cdf3 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 10/16/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
index a831efcf16..4f1279bc34 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
@@ -20,7 +20,7 @@ ms.date: 05/08/2018
- Azure Active Directory
- Office 365
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
index 830fa8ab3c..71992afbff 100644
--- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 09/03/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 76a5039107..352b56b258 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Manage Windows Defender Advanced Threat Protection alerts
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
index bdecb21ec0..3f276fd070 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 06/14/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
index c29f83b9b6..99572285a6 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
index 7fa091f70d..d078349bb4 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
index 6f9871b74e..83a65ee991 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 010/08/2018
# Manage Windows Defender ATP incidents
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
index 15632e8fdf..7154f763fb 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md
index ca0c7f20f7..0837b7356d 100644
--- a/windows/security/threat-protection/windows-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Overview of management and APIs
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mgt-apis-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
index 1ccd16747d..bcadd41d25 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
+++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
@@ -17,7 +17,7 @@ ms.date: 09/19/2018
# Configure Microsoft Cloud App Security integration
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease�information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
index 1a46548cdd..c18f430649 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
@@ -16,7 +16,7 @@ ms.date: 09/18/2018
# Microsoft Cloud App Security integration overview
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease�information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index db250caeda..e9577e41f5 100644
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -11,13 +11,13 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 07/01/2018
+ms.date: 11/06/2018
---
# Minimum requirements for Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
There are some minimum requirements for onboarding machines to the service.
@@ -30,7 +30,9 @@ Windows Defender Advanced Threat Protection requires one of the following Micros
- Windows 10 Education E5
- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
-For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
+For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare).
+
+For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf).
## Related topic
diff --git a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
index f94250c812..71a710869a 100644
--- a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 10/29/2018
# Managed security service provider support
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
index c5dbddb3a0..17bba254f9 100644
--- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
@@ -21,7 +21,7 @@ ms.date: 04/24/2018
- Linux
- Windows Server 2012 R2
- Windows Server 2016
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index b2004cfea5..aa40fd346e 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 07/01/2018
# Onboard machines to the Windows Defender ATP service
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You need to turn on the sensor to give visibility within Windows Defender ATP.
@@ -42,7 +42,7 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
- Windows 7 SP1 Pro
- Windows 8.1 Enterprise
- Windows 8.1 Pro
-- Windows 10
+- Windows 10, version 1607 or later
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
index b092882ebc..59c6a4e7a2 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
@@ -22,7 +22,7 @@ ms.date: 10/10/2018
- Windows 7 SP1 Pro
- Windows 8.1 Pro
- Windows 8.1 Enterprise
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard.md b/windows/security/threat-protection/windows-defender-atp/onboard.md
index 461847ca9e..eff2042b2e 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Configure and manage Windows Defender ATP capabilities
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
index 5d7e92ddb8..fdd308623f 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
@@ -17,7 +17,7 @@ ms.date: 07/01/2018
# Overview of attack surface reduction
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Attack surface reduction capabilities in Windows Defender ATP helps protect the devices and applications in your organization from new and emerging threats.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md
index 40d4dc50bc..de0be3f887 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md
@@ -17,7 +17,7 @@ ms.date: 10/29/2018
# Custom detections overview
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Alerts in Windows Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
index ccc6ab2c87..ae60213fe2 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Overview of endpoint detection and response
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
The Windows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
index 88596a6cef..99b9d8721c 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
@@ -14,7 +14,7 @@ ms.date: 09/07/2018
# Hardware-based isolation in Windows 10
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Windows Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md
index bacc9fdbc1..5bed487738 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md
@@ -16,7 +16,7 @@ ms.date: 09/12/2018
# Overview of advanced hunting
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md
index 5cd11935ed..7e3637ad4f 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md
@@ -16,7 +16,7 @@ ms.date: 09/03/2018
# Overview of Secure score in Windows Defender Security Center
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview.md b/windows/security/threat-protection/windows-defender-atp/overview.md
index df560a652f..9741504d5c 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Overview of Windows Defender ATP capabilities
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform.
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index 1457a0d7dd..562664aec0 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# Windows Defender Advanced Threat Protection portal overview
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
index dd2b53458c..2af3d35376 100644
--- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 10/19/2018
# Create and build Power BI reports using Windows Defender ATP data
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
index b61ff7d784..545da6110c 100644
--- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# PowerShell code examples for the custom threat intelligence API
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index 828c4d45ac..d408ead55e 100644
--- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -16,7 +16,7 @@ ms.date: 04/24/2018
# Configure Windows Defender Security Center settings
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
index 2e309e3b2e..a3411e8a2a 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
@@ -16,7 +16,7 @@ ms.date: 04/24/2018
# Turn on the preview experience in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index 9a703bf22c..f77b086c9e 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -11,13 +11,13 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 09/03/2018
+ms.date: 11/05/2018
---
# Windows Defender ATP preview features
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
@@ -43,9 +43,6 @@ The following features are included in the preview release:
Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
-- [Integration with Azure Security Center](configure-server-endpoints-windows-defender-advanced-threat-protection.md#integration-with-azure-security-center)
-Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
-
- [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md)
Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 9668da89eb..4ede6cb172 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 10/26/2018
# Pull Windows Defender ATP alerts using REST API
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
index 46742baa03..57d3428cbc 100644
--- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 04/24/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
index 5503cf2607..bc2837f2bb 100644
--- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 05/08/2018
**Applies to:**
- Azure Active Directory
- Office 365
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md
index 3c6f9dcc4f..94706ede5a 100644
--- a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 37af693216..e6e881df90 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# Take response actions on a file
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index b59de3fb0e..3ad2b9c1a8 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -11,13 +11,13 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 12/12/2017
+ms.date: 11/05/2018
---
# Take response actions on a machine
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
index 565ee7cc61..202606d056 100644
--- a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 11/12/2017
# Take response actions in Windows Defender ATP
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md
index 257330a603..1722b1f921 100644
--- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 12/08/2017
# Restrict app execution API (deprecated)
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md
index 65142fc323..40d0e7da3f 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 12/08/2017
# Run antivirus scan API (deprecated)
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
index ad6fbc2bec..e0cf7f036b 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
@@ -22,7 +22,7 @@ ms.date: 09/07/2018
- Windows Server 2016
- Windows Server, version 1803
- Windows Server, 2019
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
index 36ff48cd5d..6fff222564 100644
--- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
@@ -15,7 +15,7 @@ ms.date: 10/26/2018
# Configure the security controls in Secure score
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Each security control lists recommendations that you can take to increase the security posture of your organization.
diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
index 907d6c7b27..a5f69cd49c 100644
--- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/04/2018
# Windows Defender Security Center Security operations dashboard
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
index 65de179e29..b74a5f896b 100644
--- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# Check the Windows Defender Advanced Threat Protection service health
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md
index ed17fb8595..078ced8e48 100644
--- a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 12/08/2017
# Stop and quarantine file API (deprecated)
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecated information](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
index f1fd830154..aff0ccd147 100644
--- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Supported Windows Defender ATP query APIs (deprecated)
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md
index fe228f3acc..55dd5a1cfc 100644
--- a/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 12/01/2017
# Supported Windows Defender ATP query APIs
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
index 321085bc62..4aab3cf41a 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
@@ -16,7 +16,7 @@ ms.date: 09/03/2018
# Threat analytics for Spectre and Meltdown
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
The **Threat analytics** dashboard provides insight on how emerging threats affect your organization. It provides information that's specific for your organization.
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
index bfd50a15cf..ba29920b5d 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
@@ -16,7 +16,7 @@ ms.date: 10/29/2018
# Threat analytics
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats.
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
index 3f5a0597bd..155f23aef6 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Understand threat intelligence concepts
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
index 4c9c126a2d..e0301cebc1 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
@@ -18,7 +18,7 @@ ms.date: 10/12/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
diff --git a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
index 4dd9223f2d..e513ef6ba4 100644
--- a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 02/13/2018
# Windows Defender Security Center time zone settings
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index 813babce81..193e3acb5f 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 06/25/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index dce7b35436..01a0beefda 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -19,7 +19,7 @@ ms.date: 08/01/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 7f38e2545a..3a34547911 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/07/2018
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
- Windows Server 2012 R2
- Windows Server 2016
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
index 2d4fc88758..8c7c0f5e5f 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@@ -11,13 +11,13 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 02/13/2018
+ms.date: 11/08/2018
---
# Troubleshoot SIEM tool integration issues
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
@@ -67,6 +67,12 @@ If you encounter an error when trying to get a refresh token when using the thre
6. Click **Save**.
+## Error while enabling the SIEM connector application
+If you encounter an error when trying to enable the SIEM connector application, check the pop-up blocker settings of your browser. It might be blocking the new window being opened when you enable the capability.
+
+
+
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink)
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md
index 8de871e9ff..ad824d3ab2 100644
--- a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md
index 561d0c0eda..8898ab6189 100644
--- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md
index 8cf6fbfe94..e011fa5800 100644
--- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 12/08/2017
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Deprecatedinformation](deprecate.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index 9a12d912f6..261e038a76 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 04/24/2018
# Use the threat intelligence API to create custom alerts
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index f41440d094..b61baaafb2 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.date: 03/12/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
index 829e256921..505e031a5a 100644
--- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.date: 09/03/2018
# Create and manage roles for role-based access control
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-roles-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
index d905eb0d2b..7ecf9f1fda 100644
--- a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
@@ -16,7 +16,7 @@ ms.date: 10/08/2018
# View and organize the Windows Defender Advanced Threat Protection Incidents queue
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index abe99e8194..6d9b834f75 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 10/26/2018
+ms.date: 11/07/2018
---
# Windows Defender Advanced Threat Protection
@@ -76,8 +76,8 @@ To further reinforce the security perimeter of your network, Windows Defender AT
-**[Endpoint protection and response](overview-endpoint-detection-response.md)**
-Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
+**[Endpoint detection and response](overview-endpoint-detection-response.md)**
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 5b78a213a9..360b2a59c8 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 10/15/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature is part of Windows Defender Advanced Threat Protection and provides:
@@ -183,9 +183,7 @@ You can review the Windows event log to see events that are created when an atta
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
3. On the left panel, under **Actions**, click **Import custom view...**
-
- 
-
+
4. Navigate to the Exploit Guard Evaluation Package, and select the file *asr-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
5. Click **OK**.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
index 57927f648c..0131be7167 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
@@ -19,7 +19,7 @@ ms.date: 09/18/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can enable attack surface reduction rules, eploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md
index 83348307d8..9448ed601f 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md
@@ -18,7 +18,7 @@ ms.date: 08/08/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using attack surface reduction rules, network protection, exploit protection, and controlled folder access.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
index fb5b4091c5..21c0acfc51 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
@@ -38,6 +38,12 @@ You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate ho
Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md).
+## Review controlled folder access events in the Windows Defender ATP Security Center
+
+Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
+
## Review controlled folder access events in Windows Event Viewer
You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app:
@@ -47,9 +53,7 @@ You can review the Windows event log to see events that are created when control
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
3. On the left panel, under **Actions**, click **Import custom view...**.
-
- 
-
+
4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
4. Click **OK**.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
index 75725299ff..8bbe633287 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -18,7 +18,7 @@ ms.date: 10/17/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
@@ -58,7 +58,7 @@ Block JavaScript or VBScript from launching downloaded executable content | [!in
Block executable content from email client and webmail | [!include[Check mark no](images/svg/check-no.svg)] | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
Block executable files from running unless they meet a prevalence, age, or trusted list criteria | [!include[Check mark yes](images/svg/check-yes.svg)] | 01443614-cd74-433a-b99e-2ecdc07bfc25
Use advanced protection against ransomware | [!include[Check mark yes](images/svg/check-yes.svg)] | c1db55ab-c21a-4637-bb3f-a12568109d35
-Block credential stealing from the Windows local security authority subsystem (lsass.exe) | [!include[Check mark no](images/svg/check-no.svg)] | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
+Block credential stealing from the Windows local security authority subsystem (lsass.exe) | [!include[Check mark yes](images/svg/check-yes.svg)] | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
Block process creations originating from PSExec and WMI commands | [!include[Check mark yes](images/svg/check-yes.svg)] | d1e49aac-8f56-4280-b9ba-993a6d77406c
Block untrusted and unsigned processes that run from USB | [!include[Check mark yes](images/svg/check-yes.svg)] | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
Block Office communication applications from creating child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | 26190899-1602-49e8-8b27-eb1d0a1ce869
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
index 38643b362f..5f501170df 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index 57289d1fe5..7591a39db0 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
index becce4ead2..3b65d090e5 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 08/08/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
>[!IMPORTANT]
>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index 86e12c0578..675f449f0b 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -18,7 +18,7 @@ ms.date: 10/17/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
index 1d831ea2a9..79fb8541bf 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
index 91f8b6b1bb..70500e0307 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
@@ -18,7 +18,7 @@ ms.date: 08/08/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
index af47213614..d147c77d43 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
@@ -18,7 +18,7 @@ ms.date: 05/30/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Network protection helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index 2c5e663e91..98835fdcfd 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -13,7 +13,7 @@ ms.date: 08/08/2018
**Applies to**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10.
Some applications, including device drivers, may be incompatible with HVCI.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
index b0eb1162cb..a143ed81a3 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
index 9fa8ab6d2b..f30804cbd0 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[Controlled folder access](controlled-folders-exploit-guard.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
index 412888c242..1d7efe7b59 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
@@ -18,7 +18,7 @@ ms.date: 05/30/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
index ee1e9948c7..995cbaeb50 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Network protection helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
index 1bf42dc66c..5f32c57193 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@@ -19,7 +19,7 @@ ms.date: 08/08/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can review attack surface reduction events in Event Viewer. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
index 729d6cbc55..7fb3984ab2 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
index dde4c17bfa..99eb36540f 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
@@ -18,7 +18,7 @@ ms.date: 04/30/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md
index 03dd9e1ec9..11ff56a123 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
index 934d1154de..b1e742ac1b 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
@@ -41,6 +41,11 @@ Windows 10 version | Windows Defender Antivirus
- | -
Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
+## Review network protection events in the Windows Defender ATP Security Center
+
+Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+
+You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
## Review network protection events in Windows Event Viewer
@@ -51,9 +56,7 @@ You can review the Windows event log to see events that are created when network
1. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
2. On the left panel, under **Actions**, click **Import custom view...**
-
- 
-
+
3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
4. Click **OK**.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index 158a8a98ac..1eb3ac9b72 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -13,7 +13,7 @@ ms.date: 10/20/2017
**Applies to**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Computers must meet certain hardware, firmware, and software requirements in order to take adavantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
index 847b1fa492..5711270ae7 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
@@ -18,7 +18,7 @@ ms.date: 09/18/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
When you use [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as:
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md
index 31f4604299..ede76cf20a 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
When you create a set of exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
index f2f8024158..b091e01721 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
- IT administrators
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index cfea6fdd1f..bdf4311dfe 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.