Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the the Sync your Settings toggle.
+ html:Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle.
image: @@ -228,4 +228,4 @@ sections: src: https://docs.microsoft.com/media/common/i_policy.svg - title: All group policies \ No newline at end of file + title: All group policies diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md index 65e68d1a5e..d053b89a43 100644 --- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md +++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md @@ -23,7 +23,7 @@ Microsoft Edge is the default browser experience for Windows 10 and Windows 10 M - ActiveX controls -- Browser Heler Objects +- Browser Helper Objects - VBScript diff --git a/browsers/edge/images/microsoft-edge-infographic-sm.png b/browsers/edge/images/microsoft-edge-infographic-sm.png new file mode 100644 index 0000000000..1794540e5c Binary files /dev/null and b/browsers/edge/images/microsoft-edge-infographic-sm.png differ diff --git a/browsers/edge/images/microsoft-edge-kiosk-mode.png b/browsers/edge/images/microsoft-edge-kiosk-mode.png index d2ccfb42cf..c012affb90 100644 Binary files a/browsers/edge/images/microsoft-edge-kiosk-mode.png and b/browsers/edge/images/microsoft-edge-kiosk-mode.png differ diff --git a/browsers/edge/img-microsoft-edge-infographic-lg.md b/browsers/edge/img-microsoft-edge-infographic-lg.md new file mode 100644 index 0000000000..e9d8b67cc2 --- /dev/null +++ b/browsers/edge/img-microsoft-edge-infographic-lg.md @@ -0,0 +1,11 @@ +--- +description: A full-sized view of the Microsoft Edge infographic. +title: Full-sized view of the Microsoft Edge infographic +ms.date: 11/10/2016 +--- + +Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). | +|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 seconds, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.
For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). | --- ### ADMX info and settings @@ -42,15 +42,15 @@ ### Related topics -- [Use Enterprise Mode to improve compatibility](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility). If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. +- [Use Enterprise Mode to improve compatibility](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility). If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. - [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. - [Enterprise Mode for Internet Explorer 11](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. -- [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode). Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). +- [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode). Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool targeted explicitly towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). -- [Enterprise Mode and the Enterprise Mode Site List XML file](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode#enterprise-mode-and-the-enterprise-mode-site-list-xml-file). The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using Enterprise Mode Site List Manager (schema v.2), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your users can easily view this site list by typing about:compat in either Microsoft Edge or IE11. +- [Enterprise Mode and the Enterprise Mode Site List XML file](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode#enterprise-mode-and-the-enterprise-mode-site-list-xml-file). The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. When you use the Enterprise Mode Site List Manager schema v.2, you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also launch in a specific compat mode, so it always renders correctly. Your users can quickly view this site list by typing about:compat in either Microsoft Edge or IE11. diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md index 6c5f7a83e8..95b6dd63de 100644 --- a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md +++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md @@ -49,6 +49,6 @@ For this policy to work, you must configure Microsoft Edge in assigned access; o ### Related topics -[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to setup your Microsoft Edge kiosk mode experience. +[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience.
To define a default list of favorites, do the following:
To define a default list of favorites, do the following:
Enabling this policy automatically opens all intranet sites in IE11, even if the users have Microsoft Edge as their default browser.
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want users to use the default Microsoft Edge settings for each market set the string to **EDGEDEFAULT**.
If you would like users to use Microsoft Bing as the default search engine set the string to **EDGEBING**. | | +|Enabled |1 |1 |Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.
If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. | | --- @@ -52,6 +52,6 @@ ms:topic: include - [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)] -- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites. +- [Search provider discovery](https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/browser/search-provider-discovery): The Microsoft Edge address bar uses rich search integration, including search suggestions, results from the web, your browsing history, and favorites.
The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads. Use the “Configure kiosk reset after idle timeout” policy to set the idle timer, which is set to 5 minutes by default.
A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge. +2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.
The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads.
A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.  @@ -64,24 +64,23 @@ The multi-app Microsoft Edge kiosk mode types include: Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Edge in assigned access. With assigned access, you restrict a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode. You can set up Microsoft Edge kiosk mode in assigned access using: -- **Windows Settings.** Use to set up a couple of single-app kiosk devices. If you hit the Windows key and type “kiosk” you can setup Microsoft Edge kiosk mode for a single-app (Digital / Interactive signage or Public browsing) expereince and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout. +- **Windows Settings.** Use to set up a couple of single-app kiosk devices. If you hit the Windows key and type “kiosk” you can set up Microsoft Edge kiosk mode for a single-app (Digital / Interactive signage or Public browsing) experience and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout. -IMPORTANT: Do not use the Windows 10 Settings to configure multi-app kiosks. + >[!IMPORTANT] + >Do not use the Windows 10 Settings to configure multi-app kiosks. -- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode](). +- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported policies see [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode). >[!NOTE] >For other MDM service, check with your provider for instructions. -- **Windows PowerShell.** Best for setting up multiple devices as a kiosk. With this method, you can set up single-app or multi-app assigned access using a PowerShell script. For details, see For details, see [Set up a kiosk or digital sign using Windows PowerShell](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-using-windows-powershell). -- **Windows Configuration Designer.** Best for setting up multiple kiosk devices. Download and install both the latest version of the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and [Windows Configuration Manager](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd#install-windows-configuration-designer-1). ### Prerequisites - Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education). -- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge +- Configuration and deployment service, such as Microsoft Intune or other MDM service. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge ### Use Windows Settings @@ -94,7 +93,7 @@ When you set up a single-app kiosk device using Windows Settings, you must first 2. On the **Set up a kiosk** page, click **Get started**. -3. Type a name to create a new account or you can choose an existing account and click **Next**. +3. Type a name to create a new account, or you can choose an existing account and click **Next**. 4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**. @@ -112,8 +111,7 @@ When you set up a single-app kiosk device using Windows Settings, you must first >[!NOTE] >The URL sets the Home button, Start page, and New Tab page. -8. Accept the default value of **5 minutes** for the idle time or provide your - own value. +8. Accept the default value of **5 minutes** for the idle time or provide a value of your own. >[!TIP] >Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue. If the user does not **Continue**, Microsoft Edge resets to the default URL. @@ -124,14 +122,14 @@ When you set up a single-app kiosk device using Windows Settings, you must first 11. Once you've configured the policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration. -*Congratulations!* You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode. +**_Congratulations!_** You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode. **_Next steps._** |If you want to... |Then... | |---|---| |Use your new kiosk |Sign into the device with the kiosk account that you selected to run Microsoft Edge kiosk mode. | -|Make changes to your kiosk such as change the display option or the URL that loads |
 | Configure the display mode for Microsoft Edge as a kiosk app.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
**Data type:** Integer
**Allowed values:**
 | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
**Data type:** Integer
**Allowed values:**
 | Set one or more start pages, URLs, to load when Microsoft Edge launches.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
**Data type:** String
**Allowed values:**
Enter one or more URLs, for example,  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
- | **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**  | Set a custom URL for the New Tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
+ | | |
+ |---|---|
+ | **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**  | Configure the display mode for Microsoft Edge as a kiosk app. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode **Data type:** Integer **Allowed values:**  | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout **Data type:** Integer **Allowed values:**  | Set one or more start pages, URLs, to load when Microsoft Edge launches. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages **Data type:** String **Allowed values:** Enter one or more URLs, for example,  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
+ | **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**  | Set a custom URL for the New Tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
---
-  | Configure the display mode for Microsoft Edge as a kiosk app. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode **Data type:** Integer **Allowed values:**  | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout **Data type:** Integer **Allowed values:**  | Set one or more start pages, URLs, to load when Microsoft Edge launches. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages **Data type:** String **Allowed values:** Enter one or more URLs, for example,  | Configure how the Home Button behaves. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton **Data type:** Integer **Allowed values:**  | If you set ConfigureHomeButton to 2, configure the home button URL. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.bing.com |
- | **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**  | Set a custom URL for the New Tab page. **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL **Data type:** String **Allowed values:** Enter a URL, for example, https://www.msn.com |
- ---
-
-5. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to [build the package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
-
-6. Click **Finish**. The wizard closes and takes you back to the Customizations page.
-
-7. [Apply the provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package) to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime).
-
-**_Congratulations!_** You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
-
-**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
-
---
## Microsoft Edge kiosk mode policies
-We added new Microsoft Edge policies to configure the kiosk mode type as well as the idle timer. For these polices to work correctly, you must set up Microsoft Edge in assigned access.
+We added new Microsoft Edge policies to configure the kiosk mode type as well as the idle timer. For these policies to work correctly, you must set up Microsoft Edge in assigned access.
### Configure kiosk mode
[!INCLUDE [configure-microsoft-edge-kiosk-mode-include](includes/configure-microsoft-edge-kiosk-mode-include.md)]
@@ -207,75 +170,75 @@ We added new Microsoft Edge policies to configure the kiosk mode type as well as
### Configure kiosk reset idle timeout
[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include](includes/configure-edge-kiosk-reset-idle-timeout-include.md)]
-### Supported policies for kiosk mode
+## Supported policies for kiosk mode
Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser).
| **MDM Setting** | **Digital /
*1) For multi-app assigned access, you must configure Internet Explorer 11.*
 = Not applicable or not supported *\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
-| Block URL support |  *\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
-| Configure Home Button |  |  |
-| Set Start page(s) URL |  |  *Same as Home button URL* |
-| Set New Tab page URL |  |  |
-| Favorites management |  |  |
-| End session button |  |  *In Intune, must create custom URI to enable. Dedicated UI configuration targeted for 1808.* |
+| Multi-tab support |  |  |
+| Allow/Block URL support |  *\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
+| Configure Home Button |  |  |
+| Set Start page(s) URL |  |  *Same as Home button URL* |
+| Set New Tab page URL |  |  |
+| Favorites management |  |  |
+| End session button |  |  *In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration targeted for 1808.* |
| Reset on inactivity |  |  |
-| Internet Explorer integration (Enterprise Mode site list) |  *Multi-app mode only* |  |
+| Internet Explorer integration (Enterprise Mode site list) |  *Multi-app mode only* |  |
+| Available in Microsoft Store |  |  |
+|SKU availability | Windows 10 October 2018 Update
diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
index 0de9b830c6..06a3905c63 100644
--- a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
+++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
@@ -7,4 +7,4 @@ ms:topic: include
---
[Microsoft browser extension policy](https://docs.microsoft.com/en-us/legal/windows/agreements/microsoft-browser-extension-policy):
-This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
+This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
diff --git a/browsers/edge/troubleshooting-microsoft-edge.md b/browsers/edge/troubleshooting-microsoft-edge.md
new file mode 100644
index 0000000000..5b3af2b0e3
--- /dev/null
+++ b/browsers/edge/troubleshooting-microsoft-edge.md
@@ -0,0 +1,20 @@
+---
+title: Troubleshoot Microsoft Edge
+description:
+ms.assetid:
+author: shortpatti
+ms.author: pashort
+ms.prod: edge
+ms.sitesec: library
+title: Deploy Microsoft Edge kiosk mode
+ms.localizationpriority: medium
+ms.date: 10/15/2018
+---
+
+# Troubleshoot Microsoft Edge
+
+
+## Microsoft Edge and IPv6
+We are aware that this is a known issue with Microsoft Edge and all UWP-based apps, such as Store, Mail, Feedback Hub, and so on. It only happens if you have disabled IPv6 (not recommended), so a temporary workaround is to enable IPv6.
+
+## Microsoft Edge hijacks .PDF and .HTM files
diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md
index f980f943ee..a18552366f 100644
--- a/browsers/includes/interoperability-goals-enterprise-guidance.md
+++ b/browsers/includes/interoperability-goals-enterprise-guidance.md
@@ -1,7 +1,7 @@
---
author: shortpatti
ms.author: pashort
-ms.date: 10/02/2018
+ms.date: 10/15/2018
ms.prod: edge
ms:topic: include
---
@@ -18,19 +18,20 @@ You must continue using IE11 if web apps use any of the following:
* <meta> tags
-* Enterprise mode or compatibility view to address compatibility issues
+* Enterprise mode or compatibility view to addressing compatibility issues
-* legacy document modes [what is this?]
+* legacy document modes
-If you have uninstalled IE11, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
+If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
>[!TIP]
->If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
+>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
|Technology |Why it existed |Why we don't need it anymore |
|---------|---------|---------|
|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
-|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge will have a single “living” document mode. In order to minimize the compatibility burden, features will be tested behind switches in about:flags until they are stable and ready to be turned on by default. |
+|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
+---
diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md
index 5e6469aab1..06e75a666a 100644
--- a/devices/surface-hub/surface-hub-start-menu.md
+++ b/devices/surface-hub/surface-hub-start-menu.md
@@ -145,7 +145,7 @@ This example shows a link to a website and a link to a .pdf file.
TileID="2678823080"
DisplayName="Bing"
Arguments="https://www.bing.com/"
- Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png"
+ Square150x150LogoUri="ms-appx:///"
Wide310x150LogoUri="ms-appx:///"
ShowNameOnSquare150x150Logo="true"
ShowNameOnWide310x150Logo="false"
@@ -164,7 +164,10 @@ This example shows a link to a website and a link to a .pdf file.
TileID="6153963000"
DisplayName="cstrtqbiology.pdf"
Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
- Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png" Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true" ShowNameOnWide310x150Logo="true"
+ Square150x150LogoUri="ms-appx:///"
+ Wide310x150LogoUri="ms-appx:///"
+ ShowNameOnSquare150x150Logo="true"
+ ShowNameOnWide310x150Logo="true"
BackgroundColor="#ff4e4248"
Size="4x2"
Row="4"
@@ -177,6 +180,11 @@ This example shows a link to a website and a link to a .pdf file.
```
+>[!NOTE]
+>Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub.
+>
+>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark.
+
## More information
- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/)
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index 86bde3c803..0e0ff5dcc7 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 10/02/2018
+ms.date: 10/15/2018
---
# Change history for Surface documentation
@@ -19,6 +19,7 @@ This topic lists new and updated topics in the Surface documentation library.
New or changed topic | Description
--- | ---
[Battery Limit setting](battery-limit.md) | New
+|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO |
## May 2018
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
index a023fdb141..116df9446d 100644
--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: brecords
-ms.date: 09/13/2018
+ms.date: 10/15/2018
ms.author: jdecker
ms.topic: article
---
@@ -39,6 +39,11 @@ Recent additions to the downloads for Surface devices provide you with options t
>A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
+## Surface GO
+
+Download the following updates for [Surface GO from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57439).
+* SurfaceGO_Win10_17134_1802010_6.msi - Cumulative firmware and driver update package for Windows 10
+
## Surface Book 2
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index 3ba289e3e6..fece916499 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -26,6 +26,8 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
+* Surface Pro 6
+* Surface Laptop 2
* Surface Go
* Surface Book 2
* Surface Pro with LTE Advanced (Model 1807)
@@ -148,6 +150,14 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
+### Version 3.2.69.0
+*Release Date: 12 October 2018*
+
+This version of Surface Data Eraser adds support for the following:
+
+- Surface Pro 6
+- Surface Laptop 2
+
### Version 3.2.68.0
This version of Microsoft Surface Data Eraser adds support for the following:
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index 445be071c9..b8ee7359dc 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -117,6 +117,15 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
>[!Note]
>Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
+### Version 2.23.139.0
+*Release Date: 10 October 2018*
+
+This version of Surface Dock Updater adds support for the following:
+
+- Add support for Surface Pro 6
+- Add support for Surface Laptop 2
+
+
### Version 2.22.139.0
*Release Date: 26 July 2018*
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index b71c991d7c..90429edde2 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -154,23 +154,26 @@ To set up a test account through Windows Configuration Designer, follow these st
4. Follow the steps in [Apply a provisioning package](https://technet.microsoft.com/en-us/itpro/windows/configure/provisioning-apply-package) to apply the package that you created.
-### Set up a test account in Group Policy
-To set up a test account using Group Policy, first create a Powershell script that configures the test account and assessment URL, and then create a scheduled task to run the script.
+### Set up a tester account in Group Policy
+To set up a tester account using Group Policy, first create a Powershell script that configures the tester account and assessment URL, and then create a scheduled task to run the script.
#### Create a PowerShell script
-This sample PowerShell script configures the test account and the assessment URL. Edit the sample to:
+This sample PowerShell script configures the tester account and the assessment URL. Edit the sample to:
- Use your assessment URL for **$obj.LaunchURI**
-- Use your test account for **$obj.TesterAccount**
-- Use your test account for **-UserName**
+- Use your tester account for **$obj.TesterAccount**
+- Use your tester account for **-UserName**
- ```
- $obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
- $obj.LaunchURI='http://www.foo.com';
- $obj.TesterAccount='TestAccount';
- $obj.put()
- Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount
- ```
+>[!NOTE]
+>The account that you specify for the tester account must already exist on the device.
+
+```
+$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
+$obj.LaunchURI='http://www.foo.com';
+$obj.TesterAccount='TestAccount';
+$obj.put()
+Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount
+```
#### Create a scheduled task in Group Policy
1. Open the Group Policy Management Console.
diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md
index c6f0c89d68..ded98a3926 100644
--- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md
+++ b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md
@@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.0 client configuration.
`$config = Get-AppvClientConfiguration`
- `Set-AppcClientConfiguration $config`
+ `Set-AppvClientConfiguration $config`
- `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
+ `Set-AppvClientConfiguration –AutoLoad 2`
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md
index 4bf8017105..af53d695b0 100644
--- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md
+++ b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md
@@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.1 client configuration.
`$config = Get-AppvClientConfiguration`
- `Set-AppcClientConfiguration $config`
+ `Set-AppvClientConfiguration $config`
- `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
+ `Set-AppvClientConfiguration –AutoLoad 2`
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
diff --git a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md
index 349e62903b..78e6044a28 100644
--- a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md
+++ b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md
@@ -51,7 +51,7 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C
To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**.
-5. Use the Configuration Manager console to confirm that that the following new configuration items are displayed:
+5. Use the Configuration Manager console to confirm that the following new configuration items are displayed:
- BitLocker Fixed Data Drives Protection
diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md
index 9709bdc21e..d383fa3117 100644
--- a/store-for-business/TOC.md
+++ b/store-for-business/TOC.md
@@ -24,6 +24,7 @@
### [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md)
### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md)
### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md)
+### [Working with solution providers in Microsoft Store for Business](work-with-partner-microsoft-store-business.md)
## [Device Guard signing portal](device-guard-signing-portal.md)
### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md)
### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md)
diff --git a/store-for-business/images/msfb-find-partner.png b/store-for-business/images/msfb-find-partner.png
new file mode 100644
index 0000000000..23759cfb5f
Binary files /dev/null and b/store-for-business/images/msfb-find-partner.png differ
diff --git a/store-for-business/images/msfb-provider-list.png b/store-for-business/images/msfb-provider-list.png
new file mode 100644
index 0000000000..2fbafca80f
Binary files /dev/null and b/store-for-business/images/msfb-provider-list.png differ
diff --git a/store-for-business/work-with-partner-microsoft-store-business.md b/store-for-business/work-with-partner-microsoft-store-business.md
new file mode 100644
index 0000000000..bb86f6ed46
--- /dev/null
+++ b/store-for-business/work-with-partner-microsoft-store-business.md
@@ -0,0 +1,79 @@
+---
+title: Work with solution providers in Microsoft Store for Business and Education (Windows 10)
+description: You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school.
+keywords: partner, solution provider
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+ms.author: TrudyHa
+ms.topic: conceptual
+ms.date: 10/12/2018
+---
+
+# Working with solution providers in Microsoft Store for Business
+
+You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school. There's a few steps involved in getting the things set up.
+
+The process goes like this:
+- Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business.
+- Solution providers send a request from Partner center to customers to become their solution provider.
+- Customers accept the invitation in Microsoft Store for Business and start working with the solution provider.
+- Customers can manage setting for the relationship with Partner in Microsoft Store for Business.
+
+## What can a solution provider do for my organization or school?
+
+There are several ways that a solution provider can work with you. Solution providers will choose one of these when they send their request to work as a partner with you.
+
+| Solution provider function | Description |
+| ------ | ------------------- |
+| Reseller | Solution providers sell Microsoft products to your organization or school. |
+| Delegated administrator | Solution provider manages products and services for your organization or school. In Azure Active Directory (AD), the Partner will be a Global Administrator for tenant. This allows them to manage services like creating user accounts, assigning and managing licenses, and password resets. |
+| Reseller & delegated administrator | This is a team of two solution providers. You'll receive one partner invitation, but there will be two Solution providers listed on the request. One will sell products, and the other will manage them for you. |
+| Partner | You can give your solution provider a user account in your tenant, and they work on your behalf with other Microsoft services. |
+| Microsoft Products & Services Agreement (MPSA) partner | If you've worked with multiple solution providers through the MPSA program, you can allow partners to see purchases made by each other. |
+| OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). |
+| Line-of-business (LOB) partner | Solution providers can develop, submit, and manage LOB apps specific for your organization or school. |
+
+## Find a solution provider
+
+You can find partner in Microsoft Store for Business and Education.
+
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
+2. Select **Find a solution provider**.
+
+ 
+
+3. Refine the list, or search for a solution provider.
+
+ 
+
+4. When you find a solution provider you're interested in working with, click **Contact**.
+5. Complete and send the form.
+
+The solution provider will get in touch with you. You'll have a chance to learn more about them. If you decide to work with the solution provider, they will send you an email invitation from Partner Center.
+
+## Work with a solution provider
+
+Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions.
+
+**To accept a solution provider invitation**
+1. **Follow email link** - You'll receive an email with a link accept the solution provider invitation. The link will take you to Microsoft Store for Business or Education.
+2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider.
+
+## Delegate admin privileges
+
+Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad).
+
+If you don't want to delegate admin privileges to the solution provider, you'll need to cancel the invitation instead of accepting it.
+
+If you delegate admin privileges to a solution provider, you can remove that later.
+
+**To remove delegate admin privileges**
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
+2. Select **Partner**
+3. Choose the Partner you want to manage.
+4. Select **Remove Delegated Permissions**.
+
+The solution provider will still be able to work with you, for example, as a Reseller.
\ No newline at end of file
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index b6515bbde1..5ee9f992a3 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -131,53 +131,58 @@ Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, a
## Provisioned Windows apps
-Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709, and 1803.
+Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 and 1809.
+
+```
+> Get-AppxProvisionedPackage -Online | Select-Object DisplayName, PackageName
+```
+
+| Package name | App name | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? |
+|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
+| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | | Yes |
+| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App |
+| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | x | No |
+| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | | x | No |
+| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | | x | No |
+| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No |
+| Microsoft.SkreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No |
+| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No |
+| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.VP9VideoExtensions | | | | | x | No |
+| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | | x | No |
+| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No |
+| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | x | No |
+| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
+| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | | x | No |
+| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No |
-| Name | Full name | 1703 | 1709 | 1803 | Uninstall through UI? |
-|---------------------------------|----------------------------------------|:------:|:------:|:------:|:---------------------------:|
-| 3D Builder | Microsoft.3DBuilder | x | | | Yes |
-| Alarms & Clock | Microsoft.WindowsAlarms | x | x | x | No |
-| App Installer | Microsoft.DesktopAppInstaller | x | x | x | Via Settings App |
-| Calculator | Microsoft.WindowsCalculator | x | x | x | No |
-| Camera | Microsoft.WindowsCamera | x | x | x | No |
-| Feedback Hub | Microsoft.WindowsFeedbackHub | x | x | x | Yes |
-| Get Help | Microsoft.GetHelp | | x | x | No |
-| Get Office/My Office | Microsoft.Microsoft OfficeHub | x | x | x | Yes |
-| Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes |
-| Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes |
-| Groove | Microsoft.ZuneMusic | x | x | x | No |
-| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No |
-| Maps | Microsoft.WindowsMaps | x | x | x | No |
-| Messaging | Microsoft.Messaging | x | x | x | No |
-| Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | x | x | x | No |
-| Movies & TV | Microsoft.ZuneVideo | x | x | x | No |
-| OneNote | Microsoft.Office.OneNote | x | x | x | Yes |
-| Paid Wi-FI | Microsoft.OneConnect | x | x | x | Yes |
-| Paint 3D | Microsoft.MSPaint | x | x | x | No |
-| People | Microsoft.People | x | x | x | No |
-| Photos | Microsoft.Windows.Photos | x | x | x | No |
-| Print 3D | Microsoft.Print3D | | x | x | No |
-| Solitaire | Microsoft.Microsoft SolitaireCollection| x | x | x | Yes |
-| Sticky Notes | Microsoft.MicrosoftStickyNotes | x | x | x | No |
-| Store | Microsoft.WindowsStore | x | x | x | No |
-| Sway | Microsoft.Office.Sway | * | x | x | Yes |
-| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No |
-| Wallet | Microsoft.Wallet | x | x | x | No |
-| Weather | Microsoft.BingWeather | x | x | x | Yes |
-| Xbox | Microsoft.XboxApp | x | x | x | No |
-| | Microsoft.OneConnect | x | x | x | No |
-| | Microsoft.DesktopAppInstaller | | | x | No |
-| | Microsoft.StorePurchaseApp | x | x | x | No |
-| | Microsoft.WebMediaExtensions | | | x | No |
-| | Microsoft.Xbox.TCUI | | x | x | No |
-| | Microsoft.XboxGameOverlay | x | x | x | No |
-| | Microsoft.XboxGamingOverlay | | | x | No |
-| | Microsoft.XboxIdentityProvider | x | x | x | No |
-| | Microsoft.XboxSpeech ToTextOverlay | x | x | x | No |
---
-
>[!NOTE]
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
-
-
----
+---
\ No newline at end of file
diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md
index c4e31dc19c..1500f26da8 100644
--- a/windows/application-management/msix-app-packaging-tool.md
+++ b/windows/application-management/msix-app-packaging-tool.md
@@ -8,42 +8,19 @@ ms.sitesec: library
ms.localizationpriority: medium
ms.author: mikeblodge
ms.topic: article
-ms.date: 09/21/2018
+ms.date: 10/16/2018
---
# Repackage existing win32 applications to the MSIX format
-The MSIX Packaging Tool (Preview) is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store (coming soon).
+The MSIX Packaging Tool is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store.
> Prerequisites:
-- Participation in the Windows Insider Program
+- Participate in the Windows Insider Program or update to Windows 10 October 2018 Update (version 1809)
- Minimum Windows 10 build 17701
- Admin privileges on your PC account
-- A valid MSA alias (to access the app from the Store)
-
-## What's new
-v1.2018.915.0
-- Updated UI to improve clarity and experience
-- Ability to generate a template file for use with a command line
-- Ability to add/remove entry points
-- Ability to sign your package from package editor
-- File extension handling
-
-v1.2018.821.0
-- Command Line Support
-- Ability to use existing local virtual machines for packaging environment.
-- Ability to cross check publisher information in the manifest with a signing certificate to avoid signing issues.
-- Minor updates to the UI for added clarity.
-
-v1.2018.807.0
-- Ability to add/edit/remove file and registry exclusion items is now supported in Settings menu.
-- Fixed an issue where signing with password protected certificates would fail in the tool.
-- Fixed an issue where the tool was crashing when editing an existing MSIX package.
-- Fixed an issue where the tool was injecting whitespaces programmatically to install location paths that was causing conversion failures.
-- Minor UI tweaks to add clarity.
-- Minor updates to the logs to add clarity.
-
+- A valid Micorsoft account (MSA) alias to access the app from the Store
## Installing the MSIX Packaging Tool
@@ -51,7 +28,7 @@ v1.2018.807.0
2. Open the product description page.
3. Click the install icon to begin installation.
-This is an early preview build and not all features are supported. Here is what you can expect to be able to do with this preview:
+Here is what you can expect to be able to do with this tool:
- Package your favorite application installer interactively (msi, exe, App-V 5.x and ClickOnce) to MSIX format by launching the tool and selecting **Application package** icon.
- Create a modification package for a newly created Application MSIX Package by launching the tool and selecting the **Modification package** icon.
@@ -99,7 +76,8 @@ Requirements:
AllowTelemetry="true"
ApplyAllPrepareComputerFixes="true"
GenerateCommandLineFile="true"
- AllowPromptForPassword="false" >
+ AllowPromptForPassword="false"
+ EnforceMicrosoftStoreVersioningRequirements="false">
Supported operations are Get, Add, and Replace.
**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
- Optional. Used to specify whtether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
+ Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
The data type is int. Valid values:
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 350ea6ad5e..bac0f13074 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2744,11 +2744,17 @@ The following list shows the configuration service providers supported in Window
- [DMAcc CSP](dmacc-csp.md)
- [DMClient CSP](dmclient-csp.md)
- [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
+- [HealthAttestation CSP](healthattestation-csp.md)
+- [NetworkProxy CSP](networkproxy-csp.md)
- [Policy CSP](policy-configuration-service-provider.md)
- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
+- [Reboot CSP](reboot-csp.md)
+- [RemoteWipe CSP](remotewipe-csp.md) 1
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
+- [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
- [Update CSP](update-csp.md)
- [VPNv2 CSP](vpnv2-csp.md)
- [WiFi CSP](wifi-csp.md)
-
+ Footnotes:
+- 1 - Added in Windows 10, version 1809
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md
index 84e3a07225..82cf5ef7d9 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@@ -1,5 +1,5 @@
---
-title: Device update management
+title: Mobile device management MDM for device updates
description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology.
ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
keywords: mdm,management,administrator
@@ -12,7 +12,7 @@ ms.date: 11/15/2017
---
-# Device update management
+# Mobile device management (MDM) for device updates
>[!TIP]
>If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq).
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index 4d654c47d2..9842a88a1e 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -332,11 +332,11 @@ Sample syncxml to provision the firewall settings to evaluate
Value type is bool. Supported operations are Add, Get, Replace, and Delete. Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format. Specifies the list of authorized local users for this rule. This is a string in Security Descriptor Definition Language (SDDL) format. Value type is string. Supported operations are Add, Get, Replace, and Delete. Provides information about the specific verrsion of the rule in deployment for monitoring purposes. Provides information about the specific version of the rule in deployment for monitoring purposes. Value type is string. Supported operation is Get.
\
|
- | **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**
|
+ | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**
|
+ | **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**
\
|
+ | **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**
+
**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
-### Use a provisioning package
-
-With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device.
-
->[!IMPORTANT]
->If you are using a local account as a kiosk account in Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
-
-1. Open Windows Configuration Designer and select **Provision Kiosk devices**.
-
-2. Name your project, and click **Next**.
-
-3. [Set up a kiosk](https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#set-up-a-kiosk-using-the-kiosk-wizard-in-windows-configuration-designer).
-
-4. Switch to the advanced editor and navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
-
- | | |
- |---|---|
- | **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**
|
- | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**
|
- | **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**
\
|
- | **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**
Interactive signage** | **Public browsing
single-app** | **Public browsing
multi-app** | **Normal
mode** |
|------------------|:---------:|:---------:|:---------:|:---------:|
-| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
-| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
-| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
-| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
-| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
-| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
-| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
-| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
-| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
-| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | 2 |  |  |  |
-| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
-| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
-| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | 1 |  |
-| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
-| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
-| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
-| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
-| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
-| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
-| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
-| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
-| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
-| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
-| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
-| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
-| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
-| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
-| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
-| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
-| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
-| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
-| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
-| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
-| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
-| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
+| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
+| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
+| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
+| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
+| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
+| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
+| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
+| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
+| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
+| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | 2 |  |  |  |
+| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
+| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
+| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | 1 |  |
+| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
+| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
+| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
+| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
+| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
+| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
+| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
+| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
+| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
+| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
+| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
+| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
+| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
+| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
+| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
+| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
+| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
+| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
+| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
+| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
+| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
+| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
-| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
-| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | 1 |  |
-| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
-| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
-| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
-| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
-| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
-| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
-| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
-| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
-| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
-| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
-| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
-| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
-| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | 1 |  |
-| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
-| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
-| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
-| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | 1 |  |
-| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | 1 |  |
-| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
-| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
+| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
+| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | 1 |  |
+| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
+| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
+| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
+| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
+| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
+| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
+| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
+| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
+| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
+| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
+| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
+| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | 1 |  |
+| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
+| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
+| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
+| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | 1 |  |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | 1 |  |
+| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
+| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
---
*\* New policy as of Windows 10, version 1809.*
-*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
+*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
**Legend:**
@@ -301,7 +264,6 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
- **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
-- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
---
@@ -316,19 +278,20 @@ To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Micro
## Feature comparison of kiosk mode and kiosk browser app
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
-| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
+| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** |
|---------------|:----------------:|:---------------:|
| Print support |  |  |
-| Multi-tab support |  |  |
-| Allow URL support | 
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education |
---
**\*Windows Defender Firewall** Enable account management if you want to configure settings on this page. **If enabled:**You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the deviceTo enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.**Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.To create a local administrator account, select that option and enter a user name and password. **Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.   You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)**Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application.   To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.   You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts.In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.   You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.)In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.   On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.  You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device. 
For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index ae8d42c8ee..ff12b64898 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -30,7 +30,7 @@ Enter the account and the application you want to use for Assigned access, using
**Example**:
```
-"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"
+{"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}
```
## MultiAppAssignedAccessSettings
diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md
index 00f8037780..b22277a8f5 100644
--- a/windows/configuration/windows-10-start-layout-options-and-policies.md
+++ b/windows/configuration/windows-10-start-layout-options-and-policies.md
@@ -20,7 +20,7 @@ ms.date: 06/19/2018
- Windows 10
-> **Looking for consumer information?** See [Customize the Start menu](https://windows.microsoft.com/windows-10/getstarted-see-whats-on-the-menu)
+> **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu)
Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Pro, Enterprise, or Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default.
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index ded250b312..6ea42e8bc1 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -21,7 +21,7 @@ This topic provides a brief overview of Microsoft 365 and describes how to use a
[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://products.office.com/business/explore-office-365-for-business), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS).
-For Windows 10 deployment, Microsoft 365 includes a fantasic deployment advisor that can walk you through the entire process of deploying Windows 10. The wizard supports multiple Windows 10 deployment methods, including:
+For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor that can walk you through the entire process of deploying Windows 10. The wizard supports multiple Windows 10 deployment methods, including:
- Windows Autopilot
- In-place upgrade
diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md
index 3e28db2683..890e0c33bb 100644
--- a/windows/deployment/update/device-health-using.md
+++ b/windows/deployment/update/device-health-using.md
@@ -57,7 +57,7 @@ Clicking the header of the Frequently Crashing Devices blade opens a reliability
Notice the filters in the left pane; they allow you to filter the crash rate shown to a particular operating system version, device model, or other parameter.
>[!NOTE]
->Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that that version has a low crash rate.
+>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that the version has a low crash rate.
>[!TIP]
>Once you've applied a filter (for example setting OSVERSION=1607) you will see the query in the text box change to append the filter (for example, with “(OSVERSION=1607)”). To undo the filter, remove that part of the query in the text box and click the search button to the right of the text box to run the adjusted query.”
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index ae2fc715ad..47764a02e8 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -45,3 +45,5 @@ Typically, the improvements are reliability, security, and performance improveme
* Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
* Installing servicing stack update does not require restarting the device, so installation should not be disruptive.
* Servicing stack update releases are specific to the operating system version (build number), much like quality updates.
+* Search to install latest available (Servicing stack update for Windows 10)[https://support.microsoft.com/en-us/search?query=servicing%20stack%20update%20Windows%2010].
+
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 9cfb7ab6bf..3e82500cc3 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -74,7 +74,7 @@ As part of the alignment with Windows 10 and Office 365 ProPlus, we are adopting
* Long-Term Servicing Channel - The Long-Term Servicing Branch (LTSB) will be referred to as Long-Term Servicing Channel (LTSC).
>[!IMPORTANT]
->With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion, regardless of the "Targeted" designation. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. For nmore information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747).
+>With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion, regardless of the "Targeted" designation. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747).
>[!NOTE]
>For additional information, see the section about [Servicing Channels](#servicing-channels).
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index c7518d3e77..30f586c3f1 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
-ms.date: 10/01/2018
+ms.date: 10/08/2018
ms.localizationpriority: medium
---
@@ -53,7 +53,7 @@ To enable data sharing, configure your proxy server to whitelist the following e
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
-| `https://login.live.com` | This end-point is required by Device Health to ensure data integrity and provides a more reliable device identity for all Windows Analtyics solutions on Windows 10. Those who wish to disable end-user MSA access should do so by applying [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) rather than blocking this end-point. |
+| `https://login.live.com` | This endpoint is required by Device Health to ensure data integrity and provides a more reliable device identity for all of the Windows Analytics solutions on Windows 10. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md
index e5eab8199a..35d32c83e9 100644
--- a/windows/deployment/upgrade/upgrade-readiness-get-started.md
+++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
-ms.date: 09/26/2018
+ms.date: 10/10/2018
ms.localizationpriority: medium
---
@@ -45,7 +45,7 @@ Upgrade Readiness is offered as a *solution* which you link to a new or existing
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
>[!NOTE]
- > Upgrade Readiness is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
+ > Upgrade Readiness is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution.
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
index d494ef7054..1632f15877 100644
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/18
---
diff --git a/windows/deployment/windows-autopilot/configure-autopilot.md b/windows/deployment/windows-autopilot/configure-autopilot.md
index 320afb60dd..7bdfb8857c 100644
--- a/windows/deployment/windows-autopilot/configure-autopilot.md
+++ b/windows/deployment/windows-autopilot/configure-autopilot.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/18
---
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index ca44b1c9f9..17268284ab 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
+author: greg-lindsay
ms.author: greg-lindsay
ms.date: 07/13/18
---
diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
index 2f7e82b15e..8577555397 100644
--- a/windows/deployment/windows-autopilot/enrollment-status.md
+++ b/windows/deployment/windows-autopilot/enrollment-status.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: medium
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/rip-and-replace.md b/windows/deployment/windows-autopilot/existing-devices.md
similarity index 62%
rename from windows/deployment/windows-autopilot/rip-and-replace.md
rename to windows/deployment/windows-autopilot/existing-devices.md
index 0f85771ec9..be48f47d26 100644
--- a/windows/deployment/windows-autopilot/rip-and-replace.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -1,19 +1,19 @@
----
-title: Rip and Replace
-description: Listing of Autopilot scenarios
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: low
-ms.sitesec: library
-ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
-ms.date: 06/01/2018
----
-
-# Rip and replace
-
-**Applies to: Windows 10**
-
-DO NOT PUBLISH. Just a placeholder for now, coming with 1809.
\ No newline at end of file
+---
+title: Autopilot for existing devices
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: low
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.author: greglin
+ms.date: 10/11/2018
+---
+
+# Autopilot for existing devices
+
+**Applies to: Windows 10**
+
+Placeholder. Content coming.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md
index 4868e24cd2..4b3d210f36 100644
--- a/windows/deployment/windows-autopilot/profiles.md
+++ b/windows/deployment/windows-autopilot/profiles.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/18
---
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
index deba1e8e5e..5e6d1bd137 100644
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: medium
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md
index 2ea0af92da..d03b5ca36e 100644
--- a/windows/deployment/windows-autopilot/troubleshooting.md
+++ b/windows/deployment/windows-autopilot/troubleshooting.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/user-driven-aad.md b/windows/deployment/windows-autopilot/user-driven-aad.md
index 91d9bbf472..1310d1aab1 100644
--- a/windows/deployment/windows-autopilot/user-driven-aad.md
+++ b/windows/deployment/windows-autopilot/user-driven-aad.md
@@ -7,13 +7,13 @@ ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
-ms.date: 06/01/2018
+author: greg-lindsay
+ms.author: greglin
+ms.date: 10/11/2018
---
# Windows Autopilot user-driven mode for Azure Active Directory
**Applies to: Windows 10**
-DO NOT PUBLISH. This eventually will contain the AAD-specific instuctions currently in user-driven.md.
+Placeholder. Content coming.
diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md
index 091783afa4..8a55a84cc1 100644
--- a/windows/deployment/windows-autopilot/user-driven-hybrid.md
+++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md
@@ -7,9 +7,9 @@ ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
-ms.date: 06/01/2018
+author: greg-lindsay
+ms.author: greglin
+ms.date: 10/11/2018
---
@@ -17,4 +17,4 @@ ms.date: 06/01/2018
**Applies to: Windows 10**
-DO NOT PUBLISH. This eventually will contain the AD-specific (hybrid) instuctions. This will be in preview at a later point in time.
+Placeholder. Content coming.
diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md
index bb9b722bb6..b3ffeb0cd7 100644
--- a/windows/deployment/windows-autopilot/user-driven.md
+++ b/windows/deployment/windows-autopilot/user-driven.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-10-autopilot.md b/windows/deployment/windows-autopilot/windows-10-autopilot.md
index 810bdf70be..33f04c305b 100644
--- a/windows/deployment/windows-autopilot/windows-10-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-10-autopilot.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 08/22/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md
index 919b0f5efa..7cdf271f76 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md
index 8cd71d80c3..c14fc72ee3 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md
index 6ed585912e..d44ee7fbfe 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
index 1ffd9e4582..237de23838 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
index b8259e9016..2d8e2d0506 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: medium
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
index 7efd53c9f0..8b900be698 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: medium
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
index 4417198067..8cd3d090a5 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: medium
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index b832512df1..619ad5926c 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
index 39eb571f2a..01cad0042d 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
-author: coreyp-at-msft
-ms.author: coreyp
+author: greg-lindsay
+ms.author: greglin
ms.date: 06/01/2018
---
diff --git a/windows/hub/index.md b/windows/hub/index.md
index 531d071af4..16c86b4a0f 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -71,10 +71,12 @@ The Windows 10 operating system introduces a new way to build, deploy, and servi
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
+- [Read how much space does Windows 10 take](https://www.microsoft.com/en-us/windows/windows-10-specifications)
## Related topics
[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
+
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index 3c72b3297d..9a9140a764 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -334,7 +334,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -670,7 +670,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -4388,7 +4388,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index 2a059112f5..f1ca2eae5e 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -9,7 +9,7 @@ ms.pagetype: security
localizationpriority: high
author: brianlic-msft
ms.author: brianlic
-ms.date: 09/10/2018
+ms.date: 10/10/2018
---
@@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@@ -76,9 +77,9 @@ The following fields are available:
- **SystemProcessorNx** The count of the number of this particular object type present on this device.
- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine.
- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine.
-- **SystemTouch** The count of SystemTouch objects present on this machine.
+- **SystemTouch** The count of the number of this particular object type present on this device.
- **SystemWim** The count of SystemWim objects present on this machine.
-- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine.
+- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
- **SystemWlan** The count of the number of this particular object type present on this device.
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
@@ -358,7 +359,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -705,7 +706,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -1544,14 +1545,14 @@ This event provides information on about security settings used to help keep Win
The following fields are available:
- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
-- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
+- **CGRunning** Is Credential Guard running?
- **DGState** This field summarizes the Device Guard state.
- **HVCIRunning** Is HVCI running?
- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
-- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
-- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
+- **SecureBootCapable** Is this device capable of running Secure Boot?
+- **VBSState** Is virtualization-based security enabled, disabled, or running?
### Census.Speech
@@ -2956,6 +2957,19 @@ The following fields are available:
## Sediment events
+### Microsoft.Windows.Sediment.Info.DetailedState
+
+This event is sent when detailed state information is needed from an update trial run.
+
+The following fields are available:
+
+- **Data** Data relevant to the state, such as what percent of disk space the directory takes up.
+- **Id** Identifies the trial being run, such as a disk related trial.
+- **ReleaseVer** The version of the component.
+- **State** The state of the reporting data from the trial, such as the top-level directory analysis.
+- **Time** The time the event was fired.
+
+
### Microsoft.Windows.Sediment.OSRSS.UrlState
This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL.
@@ -3579,14 +3593,14 @@ The following fields are available:
- **BIOSVendor** The vendor of the BIOS.
- **BiosVersion** The version of the BIOS.
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install?
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install.
- **BundleRevisionNumber** Identifies the revision number of the content bundle.
- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
- **ClientVersion** The version number of the software distribution client.
- **CSIErrorType** The stage of CBS installation where it failed.
-- **CurrentMobileOperator** Mobile operator that device is currently connected to.
-- **DeviceModel** What is the device model.
+- **CurrentMobileOperator** The mobile operator to which the device is currently connected.
+- **DeviceModel** The device model.
- **DriverPingBack** Contains information about the previous driver and system state.
- **EventInstanceID** A globally unique identifier for event instance.
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
@@ -3602,21 +3616,21 @@ The following fields are available:
- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update?
-- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process?
-- **IsFirmware** Is this update a firmware update?
-- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart?
+- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether this update is a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
- **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device?
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
-- **MergedUpdate** Was the OS update and a BSP update merged for installation?
+- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
- **MsiAction** The stage of MSI installation where it failed.
- **MsiProductCode** The unique identifier of the MSI installer.
- **PackageFullName** The package name of the content being installed.
- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced.
-- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdatePause** Are quality OS updates paused on the device?
+- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install.
+- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
- **RevisionNumber** The revision number of this specific piece of content.
- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.).
- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
@@ -3626,8 +3640,8 @@ The following fields are available:
- **SystemBIOSMinorRelease** Minor version of the BIOS.
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** The ID which represents a given MSI installation
-- **UpdateId** Unique update ID
+- **TransactionCode** The ID that represents a given MSI installation.
+- **UpdateId** Unique update ID.
- **UpdateID** An identifier associated with the specific piece of content.
- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
@@ -3995,7 +4009,7 @@ The following fields are available:
- **ScenarioId** Indicates the update scenario.
- **SessionId** Unique value for each update attempt.
- **SetupMode** Mode of setup to be launched.
-- **UpdateId** Unique ID for each update.
+- **UpdateId** Unique ID for each Update.
- **UserSession** Indicates whether install was invoked by user actions.
@@ -4014,7 +4028,7 @@ The following fields are available:
- **CV** Correlation vector.
- **DetectorVersion** Most recently run detector version for the current campaign.
- **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user.
-- **key1** Interaction data for the UI
+- **key1** UI interaction data
- **key10** UI interaction data
- **key11** UI interaction data
- **key12** UI interaction data
@@ -4025,7 +4039,7 @@ The following fields are available:
- **key17** UI interaction data
- **key18** UI interaction data
- **key19** UI interaction data
-- **key2** Interaction data for the UI
+- **key2** UI interaction data
- **key20** UI interaction data
- **key21** Interaction data for the UI
- **key22** UI interaction data
@@ -4036,13 +4050,13 @@ The following fields are available:
- **key27** UI interaction data
- **key28** UI interaction data
- **key29** UI interaction data
-- **key3** Interaction data for the UI
+- **key3** UI interaction data
- **key30** UI interaction data
-- **key4** Interaction data for the UI
+- **key4** UI interaction data
- **key5** UI interaction data
- **key6** UI interaction data
-- **key7** Interaction data for the UI
-- **key8** Interaction data for the UI
+- **key7** UI interaction data
+- **key8** UI interaction data
- **key9** UI interaction data
- **PackageVersion** Current package version of the update notification.
- **schema** UI interaction type.
@@ -4194,9 +4208,9 @@ The following fields are available:
- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
-- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
-- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
- **TestId** A string to uniquely identify a group of events.
- **WuId** Windows Update client ID.
@@ -4352,7 +4366,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@@ -4388,17 +4402,17 @@ This event provides the results from the WaaSMedic engine
The following fields are available:
- **detectionSummary** Result of each applicable detection that was run.
-- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
+- **featureAssessmentImpact** Windows as a Service (WaaS) Assessment impact on feature updates
- **hrEngineResult** Indicates the WaaSMedic engine operation error codes
-- **insufficientSessions** Device not eligible for diagnostics.
-- **isManaged** Device is managed for updates.
-- **isWUConnected** Device is connected to Windows Update.
-- **noMoreActions** No more applicable diagnostics.
-- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
+- **insufficientSessions** True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise
+- **isManaged** Indicates the device is managed for updates
+- **isWUConnected** Indicates the device is connected to Windows Update
+- **noMoreActions** All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions
+- **qualityAssessmentImpact** Windows as a Service (WaaS) Assessment impact for quality updates
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
-- **usingBackupFeatureAssessment** Relying on backup feature assessment.
-- **usingBackupQualityAssessment** Relying on backup quality assessment.
-- **versionString** Version of the WaaSMedic engine.
+- **usingBackupFeatureAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client
+- **usingBackupQualityAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client
+- **versionString** Installed version of the WaaSMedic engine
## Windows Store events
@@ -4667,9 +4681,9 @@ FulfillmentComplete event is fired at the end of an app install or update. We us
The following fields are available:
- **FailedRetry** Tells us if the retry for an install or update was successful or not.
-- **HResult** Resulting HResult error/success code of this call
-- **PFN** Package Family Name of the app that being installed or updated
-- **ProductId** Product Id of the app that is being updated or installed
+- **HResult** The HResult code of the operation.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **ProductId** The product ID of the app that is being updated or installed.
### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
@@ -5028,14 +5042,14 @@ This event collects information regarding the install phase of the new device ma
The following fields are available:
-- **errorCode** The error code returned for the current install phase
-- **flightId** The unique identifier for each flight
-- **objectId** Unique value for each Update Agent mode
-- **relatedCV** Correlation vector value generated from the latest scan
-- **result** Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
-- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **sessionId** Unique value for each Update Agent mode attempt
-- **updateId** Unique ID for each update
+- **errorCode** The error code returned for the current install phase.
+- **flightId** Unique ID for each flight.
+- **objectId** Unique value for each diagnostics session.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Outcome of the install phase of the update.
+- **scenarioId** Indicates the update scenario.
+- **sessionId** Unique value for each update session.
+- **updateId** Unique ID for each Update.
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
@@ -5108,7 +5122,7 @@ The following fields are available:
- **interactive** Indicates whether the session was user initiated.
- **revisionNumber** Update revision number.
- **updateId** Update ID.
-- **updateScenarioType** Device ID
+- **updateScenarioType** Update Session type
- **wuDeviceid** Device ID
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index df5f2eb5b0..404f217af2 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -369,7 +369,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -701,7 +701,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -4538,7 +4538,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
-- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index 0089755870..f840faba43 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -666,7 +666,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
-This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+This event indicates that the DecisionApplicationFile object is no longer present.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -1013,7 +1013,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
-This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md
index 3743dc7b3b..3dd67f4b7e 100644
--- a/windows/privacy/windows-personal-data-services-configuration.md
+++ b/windows/privacy/windows-personal-data-services-configuration.md
@@ -123,7 +123,7 @@ This setting determines whether a device shows notifications about Windows diagn
### Configure telemetry opt-in setting user interface
-This setting determines whether people can change their own Windows diagnostic data level in in *Start > Settings > Privacy > Diagnostics & feedback*.
+This setting determines whether people can change their own Windows diagnostic data level in *Start > Settings > Privacy > Diagnostics & feedback*.
#### Group Policy
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index 97f8ceee36..f33d7bbf02 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -131,7 +131,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
## Review
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
-* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
+* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
index bbc808feae..f9c8f46088 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@@ -104,7 +104,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
## Review
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
-* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
+* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md
index 2853e95b50..d1af453ff6 100644
--- a/windows/security/information-protection/TOC.md
+++ b/windows/security/information-protection/TOC.md
@@ -48,7 +48,7 @@
### [How to collect WIP audit event logs](windows-information-protection\collect-wip-audit-event-logs.md)
### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md)
#### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md)
-#### [Unenlightened and enlightened app behavior while using WI)](windows-information-protection\app-behavior-with-wip.md)
+#### [Unenlightened and enlightened app behavior while using WIP](windows-information-protection\app-behavior-with-wip.md)
#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md)
#### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md)
### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md)
diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md
index 5c7a8d5795..8d7bde1868 100644
--- a/windows/security/information-protection/index.md
+++ b/windows/security/information-protection/index.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
-ms.date: 09/17/2018
+ms.date: 10/10/2018
---
# Information protection
@@ -16,7 +16,7 @@ Learn more about how to secure documents and other data across your organization
| Section | Description |
|-|-|
| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
-| [Encrypted Hard Drive](bitlocker/bitlocker-overview.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
+| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index a55901c0ac..3f71393153 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -19,7 +19,7 @@ Drive-by DMA attacks can lead to disclosure of sensitive information residing on
This feature does not protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on.
-For Thunderbolt DMA protection on earlier Windows versions and other platforms that lack support for Kernel DMA Protection, please refer to Intel documentation.
+For Thunderbolt DMA protection on earlier Windows versions and other platforms that lack support for Kernel DMA Protection, please refer to [Intel Thunderbolt™ 3 Security documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf).
## Background
@@ -75,12 +75,14 @@ Systems running Windows 10 version 1803 that do support Kernel DMA Protection do
- Turn on Intel Virtualization Technology.
- Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md).
- Reboot system into Windows 10.
-4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature.
+4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature.
+
+For systems that do not support Kernel DMA Protection, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
## Frequently asked questions
### Do in-market systems support Kernel DMA Protection for Thunderbolt™ 3?
-In market systems, released with Windows 10 version 1709 or earlier, will not support Kernel DMA Protection for Thunderbolt™ 3 after upgrading to Windows 10 version 1803, as this feature requires the BIOS/platform firmware changes and guarantees.
+In market systems, released with Windows 10 version 1709 or earlier, will not support Kernel DMA Protection for Thunderbolt™ 3 after upgrading to Windows 10 version 1803, as this feature requires the BIOS/platform firmware changes and guarantees. For these systems, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
### Does Kernel DMA Protection prevent drive-by DMA attacks during Boot?
No, Kernel DMA Protection only protects against drive-by DMA attacks after the OS is loaded. It is the responsibility of the system firmware/BIOS to protect against attacks via the Thunderbolt™ 3 ports during boot.
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
index 1ff26cb46d..1cc72bd01d 100644
--- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
@@ -75,7 +75,7 @@ The adoption of new authentication technology requires that identity providers a
Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
-• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that that manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
+• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
• **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
index 1c8b475572..ed7d4a50ad 100644
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
@@ -136,4 +136,4 @@ This table includes info about how enlightened apps might behave, based on your
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
index c554266f44..06c6f03b54 100644
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
@@ -70,4 +70,4 @@ After you’ve created your VPN policy, you'll need to deploy it to the same gro
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
index 990c0c34c4..faaddea437 100644
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
+++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
@@ -113,7 +113,7 @@ The final step to making your VPN configuration work with WIP, is to link your t
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 06be6ec2fb..56622e9a92 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -546,4 +546,4 @@ Optionally, if you don’t want everyone in your organization to be able to shar
- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
index d75ea228ef..6593dc47a3 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
@@ -476,4 +476,4 @@ After you've decided where your protected apps can access enterprise data on you
- [What is Azure Rights Management?]( https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms)
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
index d686c6df22..3ff66496cf 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
author: justinha
ms.localizationpriority: medium
-ms.date: 09/11/2017
+ms.date: 10/15/2018
---
# Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
@@ -22,19 +22,17 @@ After you’ve created your Windows Information Protection (WIP) policy, you'll
**To deploy your WIP policy**
-1. On the **App policy** pane, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**.
-
- A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** pane.
+1. On the **App protection policies** pane, click your newly-created policy, click **Assignments**, and then select groups to include or exclude from the policy.
2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
- The policy is deployed to the selected users' devices.
+ The policy is deployed to the selected users' devices.
- 
+ 
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
## Related topics
- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md)
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md
index 26b5ff9472..6d41dd0d2a 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md
@@ -35,7 +35,7 @@ The added people move to the **Selected Groups** list on the right-hand pane.
The policy is deployed to the selected users' devices.
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
## Related topics
- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md)
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 6f95d45d7a..52503527a1 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: justinha
ms.localizationpriority: medium
-ms.date: 10/05/2018
+ms.date: 10/11/2018
---
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
@@ -32,7 +32,7 @@ Apps can be enlightened or unenlightened:
- Windows **Save As** experiences only allow you to save your files as enterprise.
-- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions.
+- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode.
## List of enlightened Microsoft apps
Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
@@ -97,4 +97,4 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
index 8e0e18f98a..f02c43a630 100644
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
@@ -29,4 +29,4 @@ This section includes info about the enlightened Microsoft apps, including how t
|[Using Outlook on the web with Windows Information Protection (WIP)](using-owa-with-wip.md) |Options for using Outlook on the web with Windows Information Protection (WIP). |
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
index d6e203d6de..67d918b484 100644
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
author: justinha
ms.localizationpriority: medium
-ms.date: 10/04/2018
+ms.date: 10/12/2018
---
# How Windows Information Protection protects files with a sensitivity label
@@ -29,7 +29,7 @@ Microsoft information protection technologies include:
- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use.
-- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps.
+- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps.
- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
@@ -50,7 +50,7 @@ For more information about labels, see [Overview of labels](https://docs.microso
## Use cases
-This sections covers how WIP works with sensitivity labels in specific use cases.
+This section covers how WIP works with sensitivity labels in specific use cases.
### User downloads from or creates a document on a work site
@@ -60,7 +60,7 @@ If the document also has a sensitivity label, which can be Office or PDF files,
### User downloads a confidential Office or PDF document from a personal site
-Windows Defender ATP scans for any file that gets modified or created, including files that were created on a personal site.
+Windows Defender Advanced Threat Protection (Windows Defender ATP) scans for any file that gets modified or created, including files that were created on a personal site.
If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site.
For example:
@@ -74,9 +74,11 @@ The PDF file doesn't need any work context beyond the sensitivity label.
## Prerequisites
- Windows 10, version 1809
-- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
+- [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
-- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
+- WIP policy needs to be applied to endpoint devices by using [Intune](create-wip-policy-using-intune-azure.md) or [System Center Configuration Manager (SCCM)](overview-create-wip-policy-sccm.md).
+
+
diff --git a/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png b/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png
index cf48ea50fc..12d4f6eefd 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png and b/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png
index 08afdf96b5..f453431070 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-in-oms-console-link.png b/windows/security/information-protection/windows-information-protection/images/wip-in-oms-console-link.png
index e0dc52bd86..fdbc950c9e 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-in-oms-console-link.png and b/windows/security/information-protection/windows-information-protection/images/wip-in-oms-console-link.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png
index 4f5a81b9a2..926a3c4473 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png and b/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png differ
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
index accb65ae90..c1b8b5a716 100644
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
@@ -33,4 +33,4 @@ This list provides all of the tasks and settings that are required for the opera
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index 6ebcf8b468..80629be64c 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -147,4 +147,4 @@ After deciding to use WIP in your enterprise, you need to:
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index f9318f3384..fda5027ad2 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -170,4 +170,4 @@ You can try any of the processes included in these scenarios, but you should foc
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
index 429aa1c479..0f59fcfe7b 100644
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@@ -8,9 +8,10 @@ ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
ms.pagetype: security
-author: coreyp-at-msft
+author: justinha
+ms.author: justinha
ms.localizationpriority: medium
-ms.date: 08/08/2018
+ms.date: 10/15/2018
---
# Fine-tune Windows Information Protection (WIP) with WIP Learning
@@ -27,19 +28,17 @@ In the **Website learning report**, you can view a summary of the devices that h
## Access the WIP Learning reports
-1. Open the [Azure portal](http://portal.azure.com/). Choose **All services**. Type **Intune** in the text box filter.
+1. Open the [Azure portal](http://portal.azure.com/).
-2. Choose **Intune** > **Mobile Apps**.
+1. Click **All services**, type **Intune** in the text box filter, and click the star to add it to **Favorites**.
-3. Choose **App protection status**.
+1. Click **Intune** > **Client apps** > **App protection status** > **Reports**.
-4. Choose **Reports**.
+ 
- 
+1. Select either **App learning report for Windows Information Protection** or **Website learning report for Windows Information Protection**.
-5. Finally, select either **App learning report for Windows Information Protection**, or **Website learning report for Windows Information Protection**.
-
- 
+ 
Once you have the apps and websites showing up in the WIP Learning logging reports, you can decide whether to add them to your app protection policies. Next, we'll look at how to do that in Operations Management Suite (OMS).
@@ -98,4 +97,4 @@ Here, you can copy the **WipAppid** and use it to adjust your WIP protection pol
When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes)
>[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index e317707977..81e46aca83 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -17,10 +17,6 @@
#### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)
##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-##### [Incidents queue](windows-defender-atp/incidents-queue.md)
-###### [View and organize the Incidents queue](windows-defender-atp/view-incidents-queue.md)
-###### [Manage incidents](windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md)
-###### [Investigate incidents](windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md)
@@ -551,10 +547,10 @@
#### [Software developer FAQ](intelligence/developer-faq.md)
#### [Software developer resources](intelligence/developer-resources.md)
-## Certifications
+## Windows Certifications
-### [FIPS 140 Validation](fips-140-validation.md)
-### [Windows Platform Common Criteria Certification](windows-platform-common-criteria.md)
+### [FIPS 140 Validations](fips-140-validation.md)
+### [Common Criteria Certifications](windows-platform-common-criteria.md)
## More Windows 10 security
@@ -612,6 +608,7 @@
##### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
##### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
###### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
+###### [How to list XML elements in
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash of an account was accessed.”
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | No | No | No | No | The only event which is generated on Member Servers is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | No | No | No | No | The only event which is generated on Workstations is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:**
-- [4782](event-4782.md)(S): The password hash an account was accessed.
+- [4782](event-4782.md)(S): The password hash of an account was accessed.
- [4793](event-4793.md)(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index 686af7ea86..5459b8a5c7 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -23,7 +23,7 @@ ms.date: 04/19/2017
***Event Description:***
-This event is generated when a user reconnects to an existing Terminal Services session, or when a user switches to an existing desktop using [Fast User Switching](https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/fast_user_switching.mspx?mfr=true).
+This event is generated when a user reconnects to an existing Terminal Services session, or when a user switches to an existing desktop using [Fast User Switching](https://docs.microsoft.com/en-us/windows-hardware/drivers/display/fast-user-switching).
This event also generates when user reconnects to virtual host Hyper-V Enhanced Session, for example.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index b41a078e08..7139478b3a 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -1,6 +1,6 @@
---
-title: 4782(S) The password hash an account was accessed. (Windows 10)
-description: Describes security event 4782(S) The password hash an account was accessed.
+title: 4782(S) The password hash of an account was accessed. (Windows 10)
+description: Describes security event 4782(S) The password hash of an account was accessed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ author: Mir0sh
ms.date: 04/19/2017
---
-# 4782(S): The password hash an account was accessed.
+# 4782(S): The password hash of an account was accessed.
**Applies to**
- Windows 10
@@ -108,7 +108,7 @@ Typically **“Subject\\Security ID”** is the SYSTEM account.
## Security Monitoring Recommendations
-For 4782(S): The password hash an account was accessed.
+For 4782(S): The password hash of an account was accessed.
- Monitor for all events of this type, because any actions with account’s password hashes should be planned. If this action was not planned, investigate the reason for the change.
diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
new file mode 100644
index 0000000000..ae61b4a7e5
--- /dev/null
+++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
@@ -0,0 +1,84 @@
+---
+title: How to get a list of XML elements in
-
@@ -55,11 +55,12 @@ The attack surface reduction set of capabilities provide the first line of defen
**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**
To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
-- [Windows Defender Antivirus](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
-- [Machine learning](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+- [Behavior monitoring](/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus)
+- [Cloud-based protection](/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus)
+- [Machine learning](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+- [URL Protection](/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus)
- [Automated sandbox service](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
-
**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
@@ -111,8 +112,8 @@ Integrate Windows Defender Advanced Threat Protection into your existing workflo
-**[Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)**
-Bring the power of Microsoft threat protection to your organization.
+**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
+Bring the power of Microsoft threat protection to your organization. Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
- [Conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
- [O365 ATP](windows-defender-atp/threat-protection-integration.md)
- [Azure ATP](windows-defender-atp/threat-protection-integration.md)
diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md
index 907f9c9a3a..6a509aa69d 100644
--- a/windows/security/threat-protection/intelligence/safety-scanner-download.md
+++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md
@@ -21,6 +21,8 @@ Safety Scanner only scans when manually triggered and is available for use 10 da
> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/en-us/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection).
+> **NOTE:** Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
+
## System requirements
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/en-us/lifecycle).
diff --git a/windows/security/threat-protection/intelligence/supply-chain-malware.md b/windows/security/threat-protection/intelligence/supply-chain-malware.md
index ce1112d198..31e68f0df4 100644
--- a/windows/security/threat-protection/intelligence/supply-chain-malware.md
+++ b/windows/security/threat-protection/intelligence/supply-chain-malware.md
@@ -17,6 +17,8 @@ Supply chain attacks are an emerging kind of threat that target software develop
## How supply chain attacks work
+[!video https://www.youtube.com/embed/uXm2XNSavwo]
+
Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.
Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.
diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md
index 6ba6ba9440..c63043dc53 100644
--- a/windows/security/threat-protection/intelligence/support-scams.md
+++ b/windows/security/threat-protection/intelligence/support-scams.md
@@ -40,7 +40,7 @@ It is also important to keep the following in mind:
* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
-* Enable Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
+* Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
## What to do if information has been given to a tech support person
@@ -60,4 +60,4 @@ Help Microsoft stop scammers, whether they claim to be from Microsoft or from an
**www.microsoft.com/reportascam**
-You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
\ No newline at end of file
+You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
index b85e285e97..c481a744c3 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: brianlic-msft
-ms.date: 04/19/2017
+ms.date: 10/11/2018
---
# Account Lockout Policy
@@ -22,6 +22,9 @@ Someone who attempts to use more than a few unsuccessful passwords while trying
The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures.
+>[!NOTE]
+>Account lockout settings for remote access clients can be configured separately by editing the Registry on the server that manages the remote access. For more information, see [How to configure remote access client account lockout](https://support.microsoft.com/help/816118/how-to-configure-remote-access-client-account-lockout-in-windows-serve).
+
## In this section
| Topic | Description |
diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
index 1ae321bd87..83b3cbd192 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
@@ -84,11 +84,11 @@ A user who is assigned this user right could increase the scheduling priority of
### Countermeasure
-Verify that only Administrators and and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
+Verify that only Administrators and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
### Potential impact
-None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and and Window Manager/Window Manager Group is the default configuration.
+None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and Window Manager/Window Manager Group is the default configuration.
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index d1ce22572e..702c045b4f 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -24,7 +24,7 @@ Application Guard uses both network isolation and application-specific settings.
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
>[!NOTE]
->You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode.
+>You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode.
|Policy name|Supported versions|Description|
@@ -38,10 +38,13 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|Name|Supported versions|Description|Options|
|-----------|------------------|-----------|-------|
-|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher
Windows 10 Pro, 1803|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
-|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher
**Important**
Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
Windows 10 Pro, 1803|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher
Windows 10 Pro, 1803|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
-|Allow Persistence|Windows 10 Enterprise, 1709 or higher
Windows 10 Pro, 1803|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
|
+|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher
The container environment is reset, retaining only the employee-generated data.
The container environment is reset, including discarding all employee-generated data.
Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
+|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher
**Important**
Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
+|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.
**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
+|Allow Persistence|Windows 10 Enterprise, 1709 or higher
Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
**Disabled or not configured.** All user data within Application Guard is reset between sessions.
**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
|
|Turn on Windows Defender Application Guard in Enterprise Mode|Windows 10 Enterprise, 1709 or higher|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.
The container environment is reset, retaining only the employee-generated data.
The container environment is reset, including discarding all employee-generated data.
**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
-|Allow files to download to host operating system|Windows 10 Enterprise, 1803|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.
**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.|
-|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, version 1803
(experimental only)|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering.**Important**
**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.
Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
**Note**
This is an experimental feature in Windows 10 Enterprise, version 1803 and will not function without the presence of an additional registry key provided by Microsoft. If you would like to evaluate this feature on deployments of Windows 10 Enterprise, version 1803, please contact Microsoft for further information.|
+|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.
**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.|
+|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, 1803 or higher
Windows 10 Pro, 1803 or higher|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering.**Important**
**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
+|Allow camera and microphone access in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher
Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.
Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Windows Defender Application Guard.|**Enabled.** Applications inside Windows Defender Application Guard are able to access the camera and microphone on the user's device.
**Important**
Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.
**Disabled or not configured.** Applications inside Windows Defender Application Guard are unable to access the camera and microphone on the user's device.|
+|Allow Windows Defender Application Guard to use Root Certificate Authorities from users's device|Windows 10 Enterprise, 1809 or higher
Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Windows Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Multiple certificates can be specified by using a common to separate.
**Disabled or not configured.** Certificates are not shared with Windows Defender Application Guard.
.|
+|Allow users to trust files that open in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.
**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Windows Defender Application Guard.|
diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png
new file mode 100644
index 0000000000..3c1b046b93
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png
new file mode 100644
index 0000000000..78552bf6db
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png
new file mode 100644
index 0000000000..08cb4d5676
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png
new file mode 100644
index 0000000000..9e58d99ead
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
index b05ad26647..e7f9fe2f97 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: justinha
ms.author: justinha
-ms.date: 10/19/2017
+ms.date: 10/16/2018
---
# Application Guard testing scenarios
@@ -66,9 +66,9 @@ Before you can use Application Guard in enterprise mode, you must install Window
-4. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting.
+4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting.
-5. Click **Enabled**.
+5. Click **Enabled** and click **OK**.
@@ -104,10 +104,11 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterpise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803
-**To change the copy and paste options**
-1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings**.
+#### Copy and paste options
-2. Click **Enabled**.
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings**.
+
+2. Click **Enabled** and click **OK**.
@@ -129,10 +130,11 @@ You have the option to change each of these settings to work with your enterpris
5. Click **OK**.
-**To change the print options**
-1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print** settings.
+#### Print options
-2. Click **Enabled**.
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print** settings.
+
+2. Click **Enabled** and click **OK**.
@@ -140,10 +142,11 @@ You have the option to change each of these settings to work with your enterpris
4. Click **OK**.
-**To change the data persistence options**
-1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard** setting.
+#### Data persistence options
-2. Click **Enabled**.
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard** setting.
+
+2. Click **Enabled** and click **OK**.
@@ -164,10 +167,11 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterpise edition, version 1803
- Windows 10 Professional edition, version 1803
-**To change the download options**
-1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Allow files to download and save to the host operating system from Windows Defender Application Guard** setting.
+#### Download options
-2. Click **Enabled**.
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow files to download and save to the host operating system from Windows Defender Application Guard** setting.
+
+2. Click **Enabled** and click **OK**.
@@ -177,16 +181,57 @@ You have the option to change each of these settings to work with your enterpris
5. Check to see the file has been downloaded into This PC > Downloads > Untrusted files.
-**To change hardware acceleration options**
-1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard** setting.
+#### Hardware acceleration options
-2. Click **Enabled**.
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard** setting.
+
+2. Click **Enabled** and click **OK**.
-3. Contact Microsoft for further information to fully enable this setting.
+3. Once you have enabled this feature, open Microsoft Edge and browse to an untrusted, but safe URL with video, 3D, or other graphics-intensive content. The website opens in an isolated session.
-4. Once you have fully enabled this experimental feature, open Microsoft Edge and browse to an untrusted, but safe URL with video, 3D, or other graphics-intensive content. The website opens in an isolated session.
+4. Assess the visual experience and battery performance.
-5. Assess the visual experience and battery performance.
+**Applies to:**
+- Windows 10 Enterpise edition, version 1809
+- Windows 10 Professional edition, version 1809
+
+#### File trust options
+
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard** setting.
+
+2. Click **Enabled**, set **Options** to 2, and click **OK**.
+
+ 
+
+3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
+
+4. Open a file in Edge, such an Office 365 file.
+
+5. Check to see that an antivirus scan completed before the file was opened.
+
+#### Camera and microphone options
+
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow camera and microphone access in Windows Defender Application Guard** setting.
+
+2. Click **Enabled** and click **OK**.
+
+ 
+
+3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
+
+4. Open an application with video or audio capability in Edge.
+
+5. Check that the camera and microphone work as expected.
+
+#### Root certificate sharing options
+
+1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the user's device** setting.
+
+2. Click **Enabled**, copy the thumbprint of each certificate to share, separated by a comma, and click **OK**.
+
+ 
+
+3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
index 82a78124e7..0672d19364 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
@@ -20,7 +20,7 @@ ms.date: 09/03/2018
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
-[!include[Prereleaseinformation](prerelease.md)]
+[!include[Prerelease information](prerelease.md)]
You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.
@@ -58,7 +58,7 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs.
>[!NOTE]
> These set of steps are directed towards the MSSP customer.
-> Access to the portal can can only be done by the MSSP customer.
+> Access to the portal can only be done by the MSSP customer.
As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center.
@@ -269,7 +269,7 @@ You'll need to have **Manage portal system settings** permission to whitelist th
You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md).
-- In the ArcSight configuration file / Splunk Authentication Properties file you will have to write your application key manually by settings the secret value.
+- In the ArcSight configuration file / Splunk Authentication Properties file you will have to write your application key manually by settings the secret value.
- Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
## Fetch alerts from MSSP customer's tenant using APIs
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index a6f0c0497c..9f50187aab 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 09/06/2018
+ms.date: 10/09/2018
---
# Onboard servers to the Windows Defender ATP service
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index 123c537dc8..eddf4c93c0 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -10,14 +10,12 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 04/24/2018
+ms.date: 10/08/2018
---
# Enable SIEM integration in Windows Defender ATP
**Applies to:**
-
-
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -54,7 +52,8 @@ Enable security information and event management (SIEM) integration so you can p
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Windows Defender Security Center.
-
+## Integrate Windows Defender ATP with IBM QRadar
+You can configure IBM QRadar to collect alerts from Windows Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
## Related topics
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..9a0bbc0992
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,77 @@
+---
+title: Get CVE-KB map API
+description: Retrieves a map of CVE's to KB's.
+keywords: apis, graph api, supported apis, get, cve, kb
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get CVE-KB map API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a map of CVE's to KB's and CVE details.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/cvekbmap
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful and map exists - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/CveKbMap
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
+ "@odata.count": 4168,
+ "value": [
+ {
+ "cveKbId": "CVE-2015-2482-3097617",
+ "cveId": "CVE-2015-2482",
+ "kbId":"3097617",
+ "title": "Cumulative Security Update for Internet Explorer",
+ "severity": "Critical"
+ },
+ …
+}
+
+```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1c1cdeda69
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,76 @@
+---
+title: Get KB collection API
+description: Retrieves a collection of KB's.
+keywords: apis, graph api, supported apis, get, kb
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get KB collection API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a collection of KB's and KB details.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/kbinfo
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/KbInfo
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
+ "@odata.count": 271,
+ "value":[
+ {
+ "id": "KB3097617 (10240.16549) Amd64",
+ "release": "KB3097617 (10240.16549)",
+ "publishingDate": "2015-10-16T21:00:00Z",
+ "version": "10.0.10240.16549",
+ "architecture": "Amd64"
+ },
+ …
+}
+```
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..2e2a0ae684
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,76 @@
+---
+title: Get RBAC machine groups collection API
+description: Retrieves a collection of RBAC machine groups.
+keywords: apis, graph api, supported apis, get, RBAC, group
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get KB collection API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a collection of RBAC machine groups.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machinegroups
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machinegroups
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+Field id contains machine group **id** and equal to field **rbacGroupId** in machines info.
+Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup".
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups",
+ "@odata.count":7,
+ "value":[
+ {
+ "id":86,
+ "name":"UnassignedGroup",
+ "description":"",
+ "ungrouped":true},
+ …
+}
+```
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1402d68f04
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,83 @@
+---
+title: Get machines security states collection API
+description: Retrieves a collection of machines security states.
+keywords: apis, graph api, supported apis, get, machine, security, state
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get Machines security states collection API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a collection of machines security states.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machinesecuritystates
+```
+
+## Request headers
+
+Header | Value
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+Field *id* contains machine id and equal to the field *id** in machines info.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
+ "@odata.count":444,
+ "@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]",
+ "value":[
+ {
+ "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4",
+ "build":14393,
+ "revision":2485,
+ "architecture":"Amd64",
+ "osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809",
+ "propertiesRequireAttention":[
+ "AntivirusNotReporting",
+ "EdrImpairedCommunications"
+ ]
+ },
+ …
+ ]
+}
+```
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-started.md b/windows/security/threat-protection/windows-defender-atp/get-started.md
index ea37ae0629..3018be7cef 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-started.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-started.md
@@ -14,6 +14,10 @@ ms.date: 09/03/2018
---
# Get started with Windows Defender Advanced Threat Protection
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
@@ -40,7 +44,7 @@ Advanced hunting allows you to hunt for possible threats across your organizatio
Integrate Windows Defender Advanced Threat Protection into your existing workflows.
**Microsoft threat protection**
-Bring the power of Microsoft threat protection to your organization.
+Bring the power of Microsoft Threat Protection to your organization.
## In this section
Topic | Description
diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
deleted file mode 100644
index 783f74ac70..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-title: Incidents queue in Windows Defender ATP
-description:
-keywords: incidents, aggregate, investigations, queue, ttp
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 10/08/2018
----
-
-# Incidents queue in Windows Defender ATP
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-[!include[Prerelease information](prerelease.md)]
-
-When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations.
-
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
-
-
-## In this section
-
-Topic | Description
-:---|:---
-[View and organize the Incidents queue](view-incidents-queue.md)| See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
-[Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions.
-[Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)| See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident.
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 596bd63508..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-title: Investigate incidents in Windows Defender ATP
-description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident
-keywords: investigate, incident, alerts, metadata, risk, detection source, affected machines, patterns, correlation
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 10/08/2018
----
-
-# Investigate incidents in Windows Defender ATP
-
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-[!include[Prerelease information](prerelease.md)]
-
-Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them.
-
-## Analyze incident details
-Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, machines, investigations, evidence, graph).
-
-
-
-### Alerts
-You can investigate the alerts and see how they were linked together in an incident.
-Alerts are grouped into incidents based on the following reasons:
-- Automated investigation - The automated investigation triggered the linked alert while investigating the original alert
-- File characteristics - The files associated with the alert have similar characteristics
-- Manual association - A user manually linked the alerts
-- Proximate time - The alerts were triggered on the same machine within a certain timeframe
-- Same file - The files associated with the alert are exactly the same
-
-
-
-
-
-You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md).
-
-### Machines
-You can also investigate the machines that are part of, or related to, a given incident. For more information, see [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
-
-
-
-### Investigations
-Select **Investigations** to see all the automatic investigations launched by the system in response to the incident alerts.
-
-
-
-## Going through the evidence
-Windows Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident.
-Each of the analyzed entities will be marked as infected, remediated, or suspicious.
-
-
-
-## Visualizing associated cybersecurity threats
-Windows Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph.
-
-### Incident graph
-The **Graph** tells the story of the cybersecurity attack. For example, it shows you what was the entry point, which indicator of compromise or activity was observed on which machine. etc.
-
-
-
-You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances has there been worldwide, whether it’s been observed in your organization, if so, how many instances.
-
-
-
-## Related topics
-- [Incidents queue](incidents-queue.md)
-- [View and organize the Incidents queue](view-incidents-queue.md)
-- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
index 2969a1b1a1..c32acad7cf 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
@@ -88,4 +88,5 @@ Machines that are not matched to any groups are added to Ungrouped machines (def
## Related topic
-- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
+- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 2df623ec62..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Manage Windows Defender ATP incidents
-description: Manage incidents by assigning it, updating its status, or setting its classification.
-keywords: incidents, manage, assign, status, classification, true alert, false alert
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 010/08/2018
----
-
-# Manage Windows Defender ATP incidents
-
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-[!include[Prerelease information](prerelease.md)]
-
-
-Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress.
-
-
-
-Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details.
-
-
-
-
-## Assign incidents
-If an incident has not been assigned yet, you can select **Assign to me** to assign the incident to yourself. Doing so assumes ownership of not just the incident, but also all the alerts associated with it.
-
-## Change the incident status
-You can categorize incidents (as **Active**, or **Resolved**) by changing their status as your investigation progresses. This helps you organize and manage how your team can respond to incidents.
-
-For example, your SoC analyst can review the urgent **Active** incidents for the day, and decide to assign them to himself for investigation.
-
-Alternatively, your SoC analyst might set the incident as **Resolved** if the incident has been remediated.
-
-## Classify the incident
-You can choose not to set a classification, or decide to specify whether an incident is true or false. Doing so helps the team see patterns and learn from them.
-
-## Rename incident
-By default, incidents are assigned with numbers. You can rename the incident if your organization uses a naming convention for easier cybersecurity threat identification.
-
-
-
-## Add comments and view the history of an incident
-You can add comments and view historical events about an incident to see previous changes made to it.
-
-Whenever a change or comment is made to an alert, it is recorded in the Comments and history section.
-
-Added comments instantly appear on the pane.
-
-## Related topics
-- [Incidents queue](incidents-queue.md)
-- [View and organize the Incidents queue](view-incidents-queue.md)
-- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
index 1428a1b310..fc15466da7 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 06/18/2018
+ms.date: 10/10/2018
---
# Onboard previous versions of Windows
@@ -50,7 +50,7 @@ The following steps are required to enable this integration:
### Before you begin
Review the following details to verify minimum system requirements:
-- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
+- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) or a later monthly update rollup.
>[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
@@ -60,6 +60,14 @@ Review the following details to verify minimum system requirements:
>[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
+- Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
+
+ >[NOTE]
+ >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
+ >Don't install .NET framework 4.0.x, since it will negate the above installation.
+
+
+
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard.md b/windows/security/threat-protection/windows-defender-atp/onboard.md
index 39ee66db3c..0df14919d3 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard.md
@@ -14,6 +14,9 @@ ms.date: 09/03/2018
---
# Configure and manage Windows Defender ATP capabilities
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization.
@@ -24,7 +27,7 @@ Topic | Description
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
[Configure Secure score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.
-Configure Microsoft threat protection integration| Configure other solutions that integrate with Windows Defender ATP.
+Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Windows Defender ATP.
Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.
[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
index 31b65ba716..cb4d987703 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
@@ -19,7 +19,7 @@ ms.date: 09/03/2018
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-The Widows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
+The Windows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
When a threat is detected, alerts are be created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
diff --git a/windows/security/threat-protection/windows-defender-atp/overview.md b/windows/security/threat-protection/windows-defender-atp/overview.md
index b40bd3d25d..df39986e0f 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview.md
@@ -14,6 +14,9 @@ ms.date: 09/03/2018
---
# Overview of Windows Defender ATP capabilities
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform.
@@ -28,7 +31,7 @@ Topic | Description
[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules.
[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
-[Microsoft threat protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
+[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) |Learn to navigate your way around Windows Defender Security Center.
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index 53f9b9de62..007a810594 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -41,9 +41,6 @@ The following features are included in the preview release:
- [Threat analytics](threat-analytics.md)
Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
-- [Incidents](incidents-queue.md)
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
-
- [Custom detection](overview-custom-detections.md)
With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules.
diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
index a6c64df7ff..bc16fe2624 100644
--- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
@@ -34,4 +34,8 @@ File | Run API calls such as get file information, file related alerts, file rel
IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization.
Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
+KbInfo | Run API call that gets list of Windows KB's information
+CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's
+MachineSecurityStates | Run API call that gets list of machines with their security properties and versions
+MachineGroups | Run API call that gets list of machine group definitions
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
index b491a5a109..f0210ed5ce 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
@@ -1,7 +1,7 @@
---
-title: Microsoft threat protection
-description:
-keywords:
+title: Windows Defender ATP in Microsoft Threat Protection
+description: Learn about the capabilities within the Microsoft Threat Protection
+keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,18 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 09/12/2018
+ms.date: 10/12/2018
---
-# Microsoft threat protection
+# Microsoft Threat Protection
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
+
+For more information on Microsoft Threat Protection, see [Announcing Microsoft Threat Protection](https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Announcing-Microsoft-Threat-Protection/ba-p/262783).
Microsoft's multiple layers of threat protection across data, applications, devices, and identities can help protect your organization from advanced cyber threats.
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index 42e5a71b83..9c74c8d5f5 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -15,6 +15,10 @@ ms.date: 03/12/2018
# Overview of Windows Defender Security Center
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities.
diff --git a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
deleted file mode 100644
index 823c7f396e..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-title: View and organize the Incidents queue
-description: See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
-keywords: view, organize, incidents, aggregate, investigations, queue, ttp
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-ms.date: 10/08/2018
----
-
-# View and organize the Windows Defender Advanced Threat Protection Incidents queue
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-[!include[Prerelease information](prerelease.md)]
-
-The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
-
-By default, the queue displays incidents seen in the last 30 days, with the most recent incident showing at the top of the list, helping you see the most recent incidents first.
-
-There are several options you can choose from to customize the Incidents queue view.
-
-On the top navigation you can:
-- Customize columns to add or remove columns
-- Modify the number of items to view per page
-- Select the items to show per page
-- Batch-select the incidents to assign
-- Navigate between pages
-- Apply filters
-
-
-
-## Sort and filter the incidents queue
-You can apply the following filters to limit the list of incidents and get a more focused view.
-
-Incident severity | Description
-:---|:---
-High (Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on machines.
-Medium (Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
-Low (Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
-Informational (Grey) | Informational incidents are those that might not be considered harmful to the network but might be good to keep track of.
-
-### Category
-Incidents are categorized based on the description of the stage by which the cybersecurity kill chain is in. This view helps the threat analyst to determine priority, urgency, and corresponding response strategy to deploy based on context.
-
-### Alerts
-Indicates the number of alerts associated with or part of the incidents.
-
-
-### Machines
-You can limit to show only the machines at risk which are associated with incidents.
-
-### Users
-You can limit to show only the users of the machines at risk which are associated with incidents.
-
-### Assigned to
-You can choose to show between unassigned incidents or those which are assigned to you.
-
-### Status
-You can choose to limit the list of incidents shown based on their status to see which ones are active or resolved
-
-### Classification
-Use this filter to choose between focusing on incidents flagged as true or false incidents.
-
-## Related topics
-- [Incidents queue](incidents-queue.md)
-- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
-- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
-
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md
index 86b6688059..1be7c7a0fb 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/threat-protection/windows-platform-common-criteria.md
@@ -1,14 +1,14 @@
---
-title: Windows Platform Common Criteria Certification
+title: Common Criteria Certifications
description: This topic details how Microsoft supports the Common Criteria certification program.
ms.prod: w10
ms.localizationpriority: medium
ms.author: daniha
author: danihalfin
-ms.date: 04/03/2018
+ms.date: 10/8/2018
---
-# Windows Platform Common Criteria Certification
+# Common Criteria Certifications
Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, continues to ensure that products incorporate the features and functions required by relevant Common Criteria protection profiles, and completes Common Criteria certifications of Microsoft Windows products.
@@ -18,7 +18,8 @@ Microsoft is committed to optimizing the security of its products and services.
The Security Target describes security functionality and assurance measures used to evaluate Windows.
- - [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
+ - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf)
+ - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx)
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx)
@@ -52,7 +53,9 @@ These documents describe how to configure Windows to replicate the configuration
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
- - [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
+
+ - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf)
+ - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx)
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx)
@@ -127,7 +130,8 @@ These documents describe how to configure Windows to replicate the configuration
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
- - [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
+ - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf)
+ - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf)
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf)
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index b296cc0cdf..287a4e1617 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -103,7 +103,7 @@ Several new features and management options have been added to Windows Defender
- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media.
- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans.
- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware.
-- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more informaiton about threat detections and removal.
+- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal.
- [Run a Windows Defender scan from the command line](/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus).
- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) during download and install times.
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
index bf50ffbf86..1a8be89a59 100644
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -112,9 +112,6 @@ We’ve continued to work on the **Current threats** area in [Virus & threat pr
-You can enable a new protection setting, **Block suspicious behaviors**, which brings [Windows Defender Exploit Guard attack surface reduction technology](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to all users. To enable this setting, go to the **Virus & threat protection** section and click **Manage settings**, as shown in the following screenshot:
-
-
With controlled folder access you can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether.