diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index fe3ef6c693..d50c95d74f 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -11,6 +11,7 @@
## [Manage updates to HoloLens](hololens-updates.md)
## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
## [Use the HoloLens Clicker](hololens-clicker.md)
+## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md)
# Application Management
diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md
index 8559ec009a..81c7ffc704 100644
--- a/devices/hololens/hololens-clicker-restart-recover.md
+++ b/devices/hololens/hololens-clicker-restart-recover.md
@@ -3,6 +3,7 @@ title: Restart or recover the HoloLens clicker
description: Things to try if the HoloLens clicker is unresponsive or isn’t working well.
ms.assetid: 13406eca-e2c6-4cfc-8ace-426ff8f837f4
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-clicker.md b/devices/hololens/hololens-clicker.md
index 576637493f..8ec7e8077b 100644
--- a/devices/hololens/hololens-clicker.md
+++ b/devices/hololens/hololens-clicker.md
@@ -3,6 +3,7 @@ title: Use the HoloLens Clicker
description:
ms.assetid: 7d4a30fd-cf1d-4c9a-8eb1-1968ccecbe59
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md
index db38dfe10d..8c74b3b97e 100644
--- a/devices/hololens/hololens-cortana.md
+++ b/devices/hololens/hololens-cortana.md
@@ -3,6 +3,7 @@ title: Cortana on HoloLens
description: Cortana can help you do all kinds of things on your HoloLens
ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md
index 61d53e606d..ba459eff13 100644
--- a/devices/hololens/hololens-find-and-save-files.md
+++ b/devices/hololens/hololens-find-and-save-files.md
@@ -3,6 +3,7 @@ title: Find and save files on HoloLens
description: Use File Explorer on HoloLens to view and manage files on your device
ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-get-apps.md b/devices/hololens/hololens-get-apps.md
index 4f1542e495..cd14341075 100644
--- a/devices/hololens/hololens-get-apps.md
+++ b/devices/hololens/hololens-get-apps.md
@@ -3,6 +3,7 @@ title: Get apps for HoloLens
description: The Microsoft Store is your source for apps and games that work with HoloLens.
ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md
index f55b6d68f9..49190e6907 100644
--- a/devices/hololens/hololens-offline.md
+++ b/devices/hololens/hololens-offline.md
@@ -3,6 +3,7 @@ title: Use HoloLens offline
description: To set up HoloLens, you'll need to connect to a Wi-Fi network
ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-restart-recover.md b/devices/hololens/hololens-restart-recover.md
new file mode 100644
index 0000000000..9bf0cddb37
--- /dev/null
+++ b/devices/hololens/hololens-restart-recover.md
@@ -0,0 +1,55 @@
+---
+title: Restart, reset, or recover HoloLens
+description: Restart, reset, or recover HoloLens
+ms.assetid: 9a546416-1648-403c-9e0c-742171b8812e
+ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Restart, reset, or recover HoloLens
+
+Here are some things to try if your HoloLens is unresponsive, isn’t running well, or is experiencing software or update problems.
+
+## Restart your HoloLens
+
+If your HoloLens isn’t running well or is unresponsive, try the following things.
+
+First, try restarting the device: say, "Hey Cortana, restart the device."
+
+If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
+
+If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
+
+## Reset or recover your HoloLens
+
+If restarting your HoloLens doesn’t help, another option is to reset it. If resetting it doesn’t fix the problem, the Windows Device Recovery Tool can help you recover your device.
+
+>[!IMPORTANT]
+>Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete.
+
+## Reset
+
+Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
+
+To reset your HoloLens, go to **Settings** > **Update** > **Reset** and select **Reset device**. The battery will need to have at least a 40 percent charge remaining to reset.
+
+## Recover using the Windows Device Recovery Tool
+
+Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time, and the latest version of the Windows Holographic software approved for your HoloLens will be installed.
+
+To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can’t run this tool on a virtual machine.
+To recover your HoloLens
+
+1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
+1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens-spaces-on-hololens.md b/devices/hololens/hololens-spaces-on-hololens.md
index a0d70ecd96..5c04bb7c3e 100644
--- a/devices/hololens/hololens-spaces-on-hololens.md
+++ b/devices/hololens/hololens-spaces-on-hololens.md
@@ -3,6 +3,7 @@ title: Spaces on HoloLens
description: HoloLens blends holograms with your world
ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/devices/hololens/hololens-use-apps.md b/devices/hololens/hololens-use-apps.md
index 9ea95c1da9..e3d0aba0a9 100644
--- a/devices/hololens/hololens-use-apps.md
+++ b/devices/hololens/hololens-use-apps.md
@@ -3,6 +3,7 @@ title: Use apps on HoloLens
description: Apps on HoloLens use either 2D view or holographic view.
ms.assetid: 6bd124c4-731c-4bcc-86c7-23f9b67ff616
ms.reviewer: jarrettrenshaw
+ms.date: 07/01/2019
manager: v-miegge
keywords: hololens
ms.prod: hololens
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
index 9f89972a1f..843d0975aa 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.localizationpriority: medium
author: medgarmedgar
ms.author: v-medgar
-ms.date: 3/1/2019
+ms.date: 7/9/2019
---
# Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
@@ -70,14 +70,15 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)**
| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)**
| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
+| 15.1 Injest the ADMX | To get the latest OneDrive ADMX file you need an up-to-date Windows 10 client. | The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001").
+| 15.2 Prevent Network Traffic before User SignIn | PreventNetworkTrafficPreUserSignIn | The OMA-URI value is: ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn
| 16. Preinstalled apps | N/A | N/A
| 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)**
| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Specifies whether to allow app access to the Location service. **Set to 0 (zero)**
| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Disables or enables the camera. **Set to 0 (zero)**
| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)**
-| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune**
-| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)**
+| 17.5 Notifications | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)**
| | [Settings/AllowOnlineTips]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled**
| 17.6 Speech, Inking, & Typing | [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | This policy specifies whether users on the device have the option to enable online speech recognition. **Set to 0 (zero)**
| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)**
@@ -106,13 +107,30 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)**
| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)**
| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
+| 23.3 Windows Defender Potentially Unwanted Applications(PUA) Protection | [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection) | Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
| 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)**
| 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)**
| 25.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
| 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)**
-| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
+| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
+| 27.1 Windows Update Allow Update Service | [Update/AllowUpdateService](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) | Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
+| 27.2 Windows Update Service URL| [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) | Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with this Value:
+
+
+ $CmdID$
+ -
+
+ chr
+ text/plain
+
+
+ ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl
+
+ http://abcd-srv:8530
+
+
### Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 903c748516..fe82aa66b7 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -69,8 +69,7 @@ The following table lists management options for each setting, beginning with Wi
| [11. Mail synchronization](#bkmk-mailsync) |  | |  |
| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
| [13. Microsoft Edge](#bkmk-edge) |  |  |  |
-| [14. Network Connection Status Indicator](#bkmk-ncsi)
-) | |  |  |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
| [16. OneDrive](#bkmk-onedrive) | |  |  |
| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | |
@@ -548,14 +547,7 @@ To turn off the Windows Mail app:
### 12. Microsoft Account
-To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
-
-- **Enable** the Group Policy: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
-
- -or-
-
-- Create a REG_DWORD registry setting named **NoConnectedUser** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System** with a **value of 3**.
-
+Use the below setting to prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
To disable the Microsoft Account Sign-In Assistant:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
index ad42b1bcd9..f09ddf1096 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
@@ -28,6 +28,9 @@ ms.topic: procedural
Each onboarded machine adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a machine can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks.
+>[!NOTE]
+>Before you can track and manage onboarding of machines, [enroll your machines to Intune management](configure-machines.md#enroll-machines-to-intune-management).
+
## Discover and track unprotected machines
The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 machines that have actually onboarded to Microsoft Defender ATP against the total number of Intune-managed Windows 10 machines.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
index b7a5c0bf30..d91d24bb04 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
@@ -30,6 +30,9 @@ Security baselines ensure that security features are configured according to gui
To understand security baselines and how they are assigned on Intune using configuration profiles, [read this FAQ](https://docs.microsoft.com/intune/security-baselines#q--a).
+>[!NOTE]
+>Before you can track and manage compliance to the Microsoft Defender ATP security baseline, [enroll your machines to Intune management](configure-machines.md#enroll-machines-to-intune-management).
+
## Compare the Microsoft Defender ATP and the Windows Intune security baselines
The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure machines running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Windows Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
index 62140b2d6d..31fbc743c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
@@ -49,14 +49,17 @@ Machine configuration management works closely with Intune device management to
Before you can ensure your machines are configured properly, enroll them to Intune management. Intune enrollment is robust and has several enrollment options for Windows 10 machines. For more information about Intune enrollment options, read [Set up enrollment for Windows devices](https://docs.microsoft.com/en-us/intune/windows-enroll).
+>[!NOTE]
+>To enroll Windows devices to Intune, administrators must have already been assigned licenses. [Read about assigning licenses for device enrollment](https://docs.microsoft.com/en-us/intune/licenses-assign).
+
>[!TIP]
>To optimize machine management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune).
->[!NOTE]
->During preview, you might encounter a few known limitations:
->- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
->- The count of onboarded machines tracked by machine configuration management might not include machines onboarded using Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles. To include these machines, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to these machines.
->- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard.
+## Known issues and limitations in this preview
+During preview, you might encounter a few known limitations:
+- You might experience discrepancies in aggregated data displayed on the machine configuration management page and those displayed on overview screens in Intune.
+- The count of onboarded machines tracked by machine configuration management might not include machines onboarded using Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles. To include these machines, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to these machines.
+- The Microsoft Defender ATP security baseline currently doesn’t cover settings for all Microsoft Defender ATP security controls, including settings for exploit protection and Application Guard.
## In this section
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
index 6cf7155a9a..3671675351 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
@@ -83,7 +83,6 @@ than the process in level 1.
|---------|----------------|--------------|-------------|
| Start Menu and Taskbar / Notifications | Turn off toast notifications on the lock screen | Enabled | Turns off toast notifications on the lock screen. |
| Windows Components / Cloud Content | Do not suggest third-party content in the Windows spotlight | Enabled | Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers |
-| Windows Components / Internet Explorer | Turn on the auto-complete feature for user names and passwords on forms | Disabled | This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. |
### Services
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
index e7cc86bf0e..d1673ce03b 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
@@ -53,6 +53,11 @@ a level of security commensurate with the risks facing targeted organizations. M
| Windows Components / Internet Explorer / Internet Control Panel / Security Page | Intranet Sites: Include all network paths (UNCs) | Disabled | This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. |
| Windows Components / Microsoft Edge | Configure Password Manager | Disabled | This policy setting lets you decide whether employees can save their passwords locally using Password Manager. By default, Password Manager is turned on. if you enable this setting, employees can use Password Manager to save their passwords locally. If you disable this setting employees can't use Password Manager to save their passwords locally. If you don't configure this setting employees can choose whether to use Password Manager to save their passwords locally. |
+### User Policies
+| Feature | Policy Setting | Policy Value | Description |
+|----------|-----------------|---------------|--------------|
+| Windows Components / Internet Explorer | Turn on the auto-complete feature for user names and passwords on forms | Disabled | This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords". If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button. |
+
## Controls
The controls enforced in level 3 implement complex security configuration and controls.