Merged PR 10355: ToC changes

This includes my changes to the ToC. It has a lot files because I pulled from master and atp-phase2 and then i moved the firewall topics to threat protection, which maybe wasn't necessary but I wanted to keep all of the ASR capabilities together.

devices/hololens/hololens-setup.md

@@ -7,7 +7,7 @@ author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.date: 08/02/2018
 ---
 
 # Set up HoloLens
@@ -30,7 +30,12 @@ The HoloLens setup process combines a quick tutorial on using HoloLens with the
 2. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens.
 3. Next, you'll be guided through connecting to a Wi-Fi network. 
 4. After HoloLens connects to the Wi-Fi network, you select between **My work or school owns it** and **I own it**. 
-    - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
+    - When you choose **My work or school owns it**, you sign in with an Azure AD account.
+
+        >[!NOTE]
+        >[To share your HoloLens device with multiple Azure AD accounts](hololens-multiple-users.md), the HoloLens device must be running Windows 10, version 1803, and be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+    
+        If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
         1. Enter your organizational account. 
         2. Accept privacy statement.
         3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page.

windows/client-management/connect-to-remote-aadj-pc.md

@@ -9,7 +9,7 @@ ms.pagetype: devices
 author: jdeckerms
 ms.localizationpriority: medium
 ms.author: jdecker
-ms.date: 11/28/2017
+ms.date: 08/02/2018
 ---
 
 # Connect to remote Azure Active Directory-joined PC
@@ -45,6 +45,9 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
 
   4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
+  >[!TIP]
+  >When you connect to the remote PC, enter your account name in this format: `AzureADName\YourAccountName`.
+
  
 ## Supported configurations
  

windows/configuration/change-history-for-configure-windows-10.md

@@ -10,13 +10,19 @@ ms.localizationpriority: medium
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 07/30/2018
+ms.date: 08/03/2018
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## August 2018
+
+New or changed topic | Description
+--- | ---
+[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | Added instructions for specifying multiple URLs in configuration settings for Kiosk Browser.
+
 ## July 2018
 
 New or changed topic | Description 

windows/configuration/guidelines-for-assigned-access-app.md

@@ -9,7 +9,7 @@ author: jdeckerms
 ms.localizationpriority: medium
 ms.author: jdecker
 ms.topic: article
-ms.date: 07/30/2018
+ms.date: 08/03/2018
 ---
 
 # Guidelines for choosing an app for assigned access (kiosk mode)
@@ -59,14 +59,25 @@ In Windows 10, version 1803, you can install the **Kiosk Browser** app from Micr
 
 Kiosk Browser settings | Use this setting to
 --- | ---
-Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. Separate multiple URLs using `&#xF000;`.<br><br>For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
-Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. Separate multiple URLs using `&#xF000;`.<br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
+Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
+Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
 Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
 Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL.
 Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
 Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
 Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
 
+>[!IMPORTANT]
+>To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+>
+> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
+>2.	Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). 
+>3.	Insert the null character string in between each URL (e.g www.bing.com&#xF000;www.contoso.com). 
+>4.	Save the XML file.
+>5.	Open the project again in Windows Configuration Designer.
+>6.	Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
+ 
+
 >[!TIP]
 >To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](https://docs.microsoft.com/intune/custom-settings-windows-10) with the following information:
 >- OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton

windows/configuration/setup-digital-signage.md

@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: high
-ms.date: 07/30/2018
+ms.date: 08/03/2018
 ---
 
 # Set up digital signs on Windows 10
@@ -61,6 +61,10 @@ This procedure explains how to configure digital signage using Kiosk Browser on
     - In **BlockedUrl**, enter `*`.
     - In **DefaultUrl**, enter `https://www.contoso.com/menu`.
     - Set **EnableEndSessionButton**, **EnableHomeButton**, and **EnableNavigationButtons** to **No**.
+
+    >[!TIP]
+    >For more information on kiosk browser settings, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
+
 13. On the **File** menu, select **Save**, and select **OK** in the **Keep your info secure** dialog box.
 14. On the **Export** menu, select **Provisioning package**.
 15. Change the **Owner** to **IT Admin**, and select **Next**.

windows/configuration/wcd/wcd-policies.md

@@ -8,7 +8,7 @@ author: jdeckerMS
 ms.localizationpriority: medium
 ms.author: jdecker
 ms.topic: article
-ms.date: 04/30/2018
+ms.date: 08/03/2018
 ---
 
 # Policies (Windows Configuration Designer reference)
@@ -290,13 +290,21 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store.
 
 | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
 | --- | --- | :---: | :---: | :---: | :---: | :---: |
-[BlockedUrlExceptions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). Separate multiple URLs using ``. This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | X |  |  |  |  |
-[BlockedUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). Separate multiple URLs using ``. This is used to configure blocked URLs kiosk browsers cannot navigate to. | X |  |  |  |  |
+[BlockedUrlExceptions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | X |  |  |  |  |
+[BlockedUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | X |  |  |  |  |
 [DefaultURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart.  | X |  |  |  |  |
 [EnableHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button.  | X |  |  |  |  |
 [EnableNavigationButtons](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | X |  |  |  |  |
 [RestartOnIdleTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.  The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | X |  |  |  |  |
 
+To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+
+1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
+2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). 
+3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com). 
+4. Save the XML file.
+5. Open the project again in Windows Configuration Designer.
+6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
 
 ## Location
 

windows/security/identity-protection/TOC.md

@@ -70,115 +70,5 @@
 ### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md)
 ### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)
 
-## [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md)
-### [Isolating Microsoft Store Apps on Your Network](windows-firewall/isolating-apps-on-your-network.md)
-### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md)
-### [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
-### [Windows Firewall with Advanced Security Design Guide](windows-firewall/windows-firewall-with-advanced-security-design-guide.md)
-#### [Understanding the Windows Firewall with Advanced Security Design Process](windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md)
-#### [Identifying Your Windows Firewall with Advanced Security Deployment Goals](windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
-##### [Protect Devices from Unwanted Network Traffic](windows-firewall/protect-devices-from-unwanted-network-traffic.md)
-##### [Restrict Access to Only Trusted Devices](windows-firewall/restrict-access-to-only-trusted-devices.md)
-##### [Require Encryption When Accessing Sensitive Network Resources](windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md)
-##### [Restrict Access to Only Specified Users or Computers](windows-firewall/restrict-access-to-only-specified-users-or-devices.md)
-#### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
-##### [Basic Firewall Policy Design](windows-firewall/basic-firewall-policy-design.md)
-##### [Domain Isolation Policy Design](windows-firewall/domain-isolation-policy-design.md)
-##### [Server Isolation Policy Design](windows-firewall/server-isolation-policy-design.md)
-##### [Certificate-based Isolation Policy Design](windows-firewall/certificate-based-isolation-policy-design.md)
-#### [Evaluating Windows Firewall with Advanced Security Design Examples](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
-##### [Firewall Policy Design Example](windows-firewall/firewall-policy-design-example.md)
-##### [Domain Isolation Policy Design Example](windows-firewall/domain-isolation-policy-design-example.md)
-##### [Server Isolation Policy Design Example](windows-firewall/server-isolation-policy-design-example.md)
-##### [Certificate-based Isolation Policy Design Example](windows-firewall/certificate-based-isolation-policy-design-example.md)
-#### [Designing a Windows Firewall with Advanced Security Strategy](windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md)
-##### [Gathering the Information You Need](windows-firewall/gathering-the-information-you-need.md)
-###### [Gathering Information about Your Current Network Infrastructure](windows-firewall/gathering-information-about-your-current-network-infrastructure.md)
-###### [Gathering Information about Your Active Directory Deployment](windows-firewall/gathering-information-about-your-active-directory-deployment.md)
-###### [Gathering Information about Your Computers](windows-firewall/gathering-information-about-your-devices.md)
-###### [Gathering Other Relevant Information](windows-firewall/gathering-other-relevant-information.md)
-##### [Determining the Trusted State of Your Computers](windows-firewall/determining-the-trusted-state-of-your-devices.md)
-#### [Planning Your Windows Firewall with Advanced Security Design](windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md)
-##### [Planning Settings for a Basic Firewall Policy](windows-firewall/planning-settings-for-a-basic-firewall-policy.md)
-##### [Planning Domain Isolation Zones](windows-firewall/planning-domain-isolation-zones.md)
-###### [Exemption List](windows-firewall/exemption-list.md)
-###### [Isolated Domain](windows-firewall/isolated-domain.md)
-###### [Boundary Zone](windows-firewall/boundary-zone.md)
-###### [Encryption Zone](windows-firewall/encryption-zone.md)
-##### [Planning Server Isolation Zones](windows-firewall/planning-server-isolation-zones.md)
-##### [Planning Certificate-based Authentication](windows-firewall/planning-certificate-based-authentication.md)
-###### [Documenting the Zones](windows-firewall/documenting-the-zones.md)
-###### [Planning Group Policy Deployment for Your Isolation Zones](windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md)
-####### [Planning Isolation Groups for the Zones](windows-firewall/planning-isolation-groups-for-the-zones.md)
-####### [Planning Network Access Groups](windows-firewall/planning-network-access-groups.md)
-####### [Planning the GPOs](windows-firewall/planning-the-gpos.md)
-######## [Firewall GPOs](windows-firewall/firewall-gpos.md)
-######### [GPO_DOMISO_Firewall](windows-firewall/gpo-domiso-firewall.md)
-######## [Isolated Domain GPOs](windows-firewall/isolated-domain-gpos.md)
-######### [GPO_DOMISO_IsolatedDomain_Clients](windows-firewall/gpo-domiso-isolateddomain-clients.md)
-######### [GPO_DOMISO_IsolatedDomain_Servers](windows-firewall/gpo-domiso-isolateddomain-servers.md)
-######## [Boundary Zone GPOs](windows-firewall/boundary-zone-gpos.md)
-######### [GPO_DOMISO_Boundary](windows-firewall/gpo-domiso-boundary.md)
-######## [Encryption Zone GPOs](windows-firewall/encryption-zone-gpos.md)
-######### [GPO_DOMISO_Encryption](windows-firewall/gpo-domiso-encryption.md)
-######## [Server Isolation GPOs](windows-firewall/server-isolation-gpos.md)
-####### [Planning GPO Deployment](windows-firewall/planning-gpo-deployment.md)
-#### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
-### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
-#### [Planning to Deploy Windows Firewall with Advanced Security](windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md)
-#### [Implementing Your Windows Firewall with Advanced Security Design Plan](windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md)
-#### [Checklist: Creating Group Policy Objects](windows-firewall/checklist-creating-group-policy-objects.md)
-#### [Checklist: Implementing a Basic Firewall Policy Design](windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md)
-#### [Checklist: Configuring Basic Firewall Settings](windows-firewall/checklist-configuring-basic-firewall-settings.md)
-#### [Checklist: Creating Inbound Firewall Rules](windows-firewall/checklist-creating-inbound-firewall-rules.md)
-#### [Checklist: Creating Outbound Firewall Rules](windows-firewall/checklist-creating-outbound-firewall-rules.md)
-#### [Checklist: Implementing a Domain Isolation Policy Design](windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md)
-##### [Checklist: Configuring Rules for the Isolated Domain](windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md)
-##### [Checklist: Configuring Rules for the Boundary Zone](windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md)
-##### [Checklist: Configuring Rules for the Encryption Zone](windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md)
-##### [Checklist: Configuring Rules for an Isolated Server Zone](windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md)
-#### [Checklist: Implementing a Standalone Server Isolation Policy Design](windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md)
-##### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
-##### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
-#### [Checklist: Implementing a Certificate-based Isolation Policy Design](windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md)
-#### [Procedures Used in This Guide](windows-firewall/procedures-used-in-this-guide.md)
-##### [Add Production Devices to the Membership Group for a Zone](windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md)
-##### [Add Test Devices to the Membership Group for a Zone](windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md)
-##### [Assign Security Group Filters to the GPO](windows-firewall/assign-security-group-filters-to-the-gpo.md)
-##### [Change Rules from Request to Require Mode](windows-firewall/change-rules-from-request-to-require-mode.md)
-##### [Configure Authentication Methods](windows-firewall/configure-authentication-methods.md)
-##### [Configure Data Protection (Quick Mode) Settings](windows-firewall/configure-data-protection-quick-mode-settings.md)
-##### [Configure Group Policy to Autoenroll and Deploy Certificates](windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-##### [Configure Key Exchange (Main Mode) Settings](windows-firewall/configure-key-exchange-main-mode-settings.md)
-##### [Configure the Rules to Require Encryption](windows-firewall/configure-the-rules-to-require-encryption.md)
-##### [Configure the Windows Firewall Log](windows-firewall/configure-the-windows-firewall-log.md)
-##### [Configure the Workstation Authentication Certificate Template](windows-firewall/configure-the-workstation-authentication-certificate-template.md)
-##### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
-##### [Confirm That Certificates Are Deployed Correctly](windows-firewall/confirm-that-certificates-are-deployed-correctly.md)
-##### [Copy a GPO to Create a New GPO](windows-firewall/copy-a-gpo-to-create-a-new-gpo.md)
-##### [Create a Group Account in Active Directory](windows-firewall/create-a-group-account-in-active-directory.md)
-##### [Create a Group Policy Object](windows-firewall/create-a-group-policy-object.md)
-##### [Create an Authentication Exemption List Rule](windows-firewall/create-an-authentication-exemption-list-rule.md)
-##### [Create an Authentication Request Rule](windows-firewall/create-an-authentication-request-rule.md)
-##### [Create an Inbound ICMP Rule](windows-firewall/create-an-inbound-icmp-rule.md)
-##### [Create an Inbound Port Rule](windows-firewall/create-an-inbound-port-rule.md)
-##### [Create an Inbound Program or Service Rule](windows-firewall/create-an-inbound-program-or-service-rule.md)
-##### [Create an Outbound Port Rule](windows-firewall/create-an-outbound-port-rule.md)
-##### [Create an Outbound Program or Service Rule](windows-firewall/create-an-outbound-program-or-service-rule.md)
-##### [Create Inbound Rules to Support RPC](windows-firewall/create-inbound-rules-to-support-rpc.md)
-##### [Create WMI Filters for the GPO](windows-firewall/create-wmi-filters-for-the-gpo.md)
-##### [Enable Predefined Inbound Rules](windows-firewall/enable-predefined-inbound-rules.md)
-##### [Enable Predefined Outbound Rules](windows-firewall/enable-predefined-outbound-rules.md)
-##### [Exempt ICMP from Authentication](windows-firewall/exempt-icmp-from-authentication.md)
-##### [Link the GPO to the Domain](windows-firewall/link-the-gpo-to-the-domain.md)
-##### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
-##### [Open the Group Policy Management Console to IP Security Policies](windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md)
-##### [Open the Group Policy Management Console to Windows Firewall](windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md)
-##### [Open the Group Policy Management Console to Windows Firewall with Advanced Security](windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
-##### [Open Windows Firewall with Advanced Security](windows-firewall/open-windows-firewall-with-advanced-security.md)
-##### [Restrict Server Access to Members of a Group Only](windows-firewall/restrict-server-access-to-members-of-a-group-only.md)
-##### [Turn on Windows Firewall and Configure Default Behavior](windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md)
-##### [Verify That Network Traffic Is Authenticated](windows-firewall/verify-that-network-traffic-is-authenticated.md)
-
 ## [Windows Hello for Business](hello-for-business/hello-identity-verification.md)
 

windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md

@@ -23,7 +23,7 @@ Hybrid environments are distributed systems that enable organizations to use on-
 
 The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure.  High-level pieces of the infrastructure include:
 * [Directories](#directories)
-* [Public Key Infrastucture](#public-key-infastructure)
+* [Public Key Infrastructure](#public-key-infrastructure)
 * [Directory Synchronization](#directory-synchronization)
 * [Federation](#federation)
 * [MultiFactor Authetication](#multifactor-authentication)
@@ -32,7 +32,7 @@ The distributed systems on which these technologies were built involved several
 ## Directories ##
 Hybrid Windows Hello for Business needs two directories: on-premises Active Directory and a cloud Azure Active Directory.  The minimum required domain functional and forest functional levels for Windows Hello for Business deployment is Windows Server 2008 R2. The 
 
-A hybrid Windows Hello for Busines deployment needs an Azure Active Directory subscription.  The hybrid key trust deployment, does not need a premium Azure Active Directory subscription.
+A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription.  The hybrid key trust deployment, does not need a premium Azure Active Directory subscription.
 
 You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers.  However, the key trust deployment needs an ***adequate*** number of Windows Server 2016 domain controllers at each site where users authenticate using Windows Hello for Business.  Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
  
@@ -52,13 +52,13 @@ Review these requirements and those from the Windows Hello for Business planning
 ## Public Key Infrastructure ##
 The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller.
 
-Key trust deployments do not need client issued certificates for on-premises authentication.  Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Diretory object.
+Key trust deployments do not need client issued certificates for on-premises authentication.  Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object.
 
 The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012.
 
 > [!IMPORTANT]
 > For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
-> * Install the root certificate authority certificate for your organization in the user's trusted root certifcate store.
+> * Install the root certificate authority certificate for your organization in the user's trusted root certificate store.
 > * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url.
 
 ### Section Review
@@ -99,12 +99,12 @@ Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Auth
 > [!div class="checklist"]
 > * Azure MFA Service
 > * Windows Server 2016 AD FS and Azure (optional, if federated)
-> * Windows Server 2016 AD FS and third party MFA Adapter (optional, if federated)
+> * Windows Server 2016 AD FS and third-party MFA Adapter (optional, if federated)
 
 <br>
 
 ## Device Registration ##
-Organizations wanting to deploy hybrid key trust need thier domain joined devices to register to Azure Active Directory.  Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud.  This ensures that only approved computers are used with that Azure Active Directory.  Each computer registers its identity in Azure Active Directory. 
+Organizations wanting to deploy hybrid key trust need their domain joined devices to register to Azure Active Directory.  Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud.  This ensures that only approved computers are used with that Azure Active Directory.  Each computer registers its identity in Azure Active Directory. 
  
 
 ### Section Checklist ###
@@ -114,11 +114,11 @@ Organizations wanting to deploy hybrid key trust need thier domain joined device
 <br>
 
 ### Next Steps ###
-Follow the Windows Hello for Business hybrid key trust deployment guide.  For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**.  
+Follow the Windows Hello for Business hybrid key trust deployment guide.  For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**.  
 
-For environments transitioning from on-premises to hybrid, start with  **Configure Azure Directory Syncrhonization**. 
+For environments transitioning from on-premises to hybrid, start with  **Configure Azure Directory Synchronization**. 
 
-For federerated and non-federated environments, start with **Configure Windows Hello for Business settings**.
+For federated and non-federated environments, start with **Configure Windows Hello for Business settings**.
 
 > [!div class="op_single_selector"]
 > - [New Installation Baseline](hello-hybrid-key-new-install.md)
@@ -131,7 +131,7 @@ For federerated and non-federated environments, start with **Configure Windows H
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-key-trust.md)
-2. Prerequistes (*You are here*)
+2. Prerequisites (*You are here*)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)

windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

@@ -45,11 +45,11 @@ The provisioning flow has all the information it needs to complete the Windows H
 * A fresh, successful multi-factor authentication
 * A validated PIN that meets the PIN complexity requirements
 
-The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key.  When key registration completes, Windows Hello for Business provisioning informs the user  they can use their PIN to sign-in.  The user may close the provisiong application and see their desktop.  While the user has completed provisioning, Azure AD Connect syncrhonizes the user's key to Active Directory.   
+The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key.  When key registration completes, Windows Hello for Business provisioning informs the user they can use their PIN to sign-in.  The user may close the provisioning application and see their desktop.  While the user has completed provisioning, Azure AD Connect synchronizes the user's key to Active Directory.   
 
 > [!IMPORTANT]
-> The minimum time needed to syncrhonize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 > [!NOTE]

windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md

@@ -18,7 +18,7 @@ ms.date: 10/23/2017
 
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
-Configure the appropriate security groups to effeiciently deploy Windows Hello for Business to users. 
+Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users. 
 
 
 ### Creating Security Groups

windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md

@@ -19,13 +19,13 @@ ms.date: 10/23/2017
 
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
-Windows Hello for Business deployments rely on certificates.  Hybrid deployments uses publicly issued server authentication certifcates to validate the name of the server to which they are connecting and to encyrpt the data that flows them and the client computer.
+Windows Hello for Business deployments rely on certificates.  Hybrid deployments uses publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer.
 
 All deployments use enterprise issued certificates for domain controllers as a root of trust. 
 
-## Certifcate Templates
+## Certificate Templates
 
-This section has you configure certificate templates on your Windows Server 2012 or later issuing certificate authtority. 
+This section has you configure certificate templates on your Windows Server 2012 or later issuing certificate authority. 
 
 ### Domain Controller certificate template
 
@@ -49,7 +49,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 7.	On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  Click **OK**. 
 8.	Close the console.
 
-#### Configure Certificate Suspeding for the Domain Controller Authentication (Kerberos) Certificate Template
+#### Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template
 
 Many domain controllers may have an existing domain controller certificate.  The Active Directory Certificate Services provides a default certificate template for domain controllers--the domain controller certificate template.  Later releases provided a new certificate template--the domain controller authentication certificate template.  These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension.  
 
@@ -108,7 +108,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)

windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md

@@ -21,7 +21,7 @@ ms.date: 10/23/2017
 You are ready to configure your hybrid key trust environment for Windows Hello for Business.
   
 > [!IMPORTANT]
-> Ensure your environment meets all the [prerequistes](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment.  
+> Ensure your environment meets all the [prerequisites](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment.  
 
 The configuration for Windows Hello for Business is grouped in four categories.  These categories are: 
 * [Active Directory](hello-hybrid-key-whfb-settings-ad.md)

windows/security/identity-protection/index.md

@@ -25,5 +25,4 @@ Learn more about identity annd access management technologies in Windows 10 and
 | [VPN technical guide](vpn/vpn-guide.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
 | [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) | Provides a collection of references topics about smart cards, which are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account. |
 | [Windows Hello for Business](hello-for-business/hello-identity-verification.md) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
-| [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md) | Provides information about Windows Firewall with Advanced Security, which is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local device. |
 | [Windows 10 Credential Theft Mitigation Guide Abstract](windows-credential-theft-mitigation-guide-abstract.md) | Learn more about credential theft mitigation in Windows 10. |

windows/security/index.yml

@@ -22,7 +22,7 @@ metadata:
 
   manager: brianlic
 
-  ms.date: 07/12/2018
+  ms.date: 08/01/2018
 
   ms.topic: article
 

windows/security/threat-protection/TOC.md

@@ -15,14 +15,16 @@
 #### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
 
 ####Evaluate Windows Defender ATP
-##### [Evaluate Attack surface reduction - ASR controls](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
-##### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
-##### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
-##### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
-##### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
-##### [Evaluate Windows Defender Exploit Guard-rewrite](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
-##### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
-##### [Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+##### [ASR](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md)
+###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+###### [Application control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+###### [Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+###### [Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md)
+###### [Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
+###### [ASR controls](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
+###### [Auditing mode](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md)
+###### [Network firewall](windows-firewall\evaluating-windows-firewall-with-advanced-security-design-examples.md)
+##### [Next gen protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
 
 
 
@@ -47,9 +49,17 @@
 
 
 ####[Configure ASR](configure1.md)
-##### [System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md)
-##### [Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
-##### [Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md)
+##### [Hardware-based isolation](windows-defender-application-guard/configure-wd-app-guard.md)
+##### [Application control](windows-defender-application-control/windows-defender-application-control-deployment-guide.md)
+##### [Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
+##### [Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
+##### [Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
+##### [ASR controls](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
+##### [Network firewall](windows-firewall\windows-firewall-with-advanced-security-deployment-guide.md)
+
+
+
+
 
 
 
@@ -145,36 +155,47 @@
 
 
 
+### [Attack surface reduction - Chris, Amitai, Justin](windows-defender-exploit-guard\windows-defender-exploit-guard.md)
 
-
-
-### [Attack surface reduction - Chris, Amitai, Justin](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
-#### [Hardware based isolation](windows-defender-application-guard/wd-app-guard-overview.md)
+#### [Hardware-based isolation](windows-defender-application-guard\wd-app-guard-overview.md)
 ##### [Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md)
-#### [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)
 
+#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
+##### [Design](windows-defender-application-control/windows-defender-application-control-design-guide.md)
+##### [Deploy](windows-defender-application-control/windows-defender-application-control-deployment-guide.md)
+##### [AppLocker](windows-defender-application-control/applocker/applocker-overview.md)
 
 #### [Exploit protection - Chris, Amitai, Justin](windows-defender-exploit-guard\exploit-protection-exploit-guard.md)
-##### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
-
-##### [Enable Exploit protection - Chris, Amitai, Justin](windows-defender-exploit-guard\enable-exploit-protection.md)
-##### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
-###### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
+##### [Compare with EMET](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md)
+##### [Evaluate](windows-defender-exploit-guard\evaluate-exploit-protection.md)
+##### [Enable](windows-defender-exploit-guard\enable-exploit-protection.md)
+##### [Customize](windows-defender-exploit-guard\customize-exploit-protection.md)
+###### [Import, export, and deploy](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
 
 #### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md)
+##### [Evaluate](windows-defender-exploit-guard\evaluate-network-protection.md)
+##### [Enable](windows-defender-exploit-guard\enable-network-protection.md)
+##### [Troubleshoot](windows-defender-exploit-guard\troubleshoot-np.md)
 
-##### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md)
-##### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md)
 #### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md)
-
-##### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
-##### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
+##### [Evaluate](windows-defender-exploit-guard\evaluate-controlled-folder-access.md)
+##### [Enable](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md)
+##### [Customize](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md)
 
 
+#### [ASR controls](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
+##### [Evaluate](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
+##### [Enable](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
+##### [Customize](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
+##### [Troubleshoot](windows-defender-exploit-guard\troubleshoot-asr.md)
+
+#### [Network firewall](windows-firewall\windows-firewall-with-advanced-security.md)
+##### [Isolate Store Apps](windows-firewall\isolating-apps-on-your-network.md)
+##### [Secure IPsec Connections](windows-firewall\securing-end-to-end-ipsec-connections-by-using-ikev2.md)
+##### [PowerShell](windows-firewall\windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
+##### [Design](windows-firewall\windows-firewall-with-advanced-security-design-guide.md)
+##### [Deploy](windows-firewall\windows-firewall-with-advanced-security-deployment-guide.md)
 
-##### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)
-##### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md)
-##### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md)
 
 ### [Next gen protection - Andrea, Chris, Amitai](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
 #### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
@@ -394,7 +415,8 @@
 
 
 
-## Other security features
+## More Windows 10 security
+
 ### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md)
 #### [Customize the Windows Security app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
 #### [Hide Windows Security app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
@@ -494,7 +516,7 @@
 ####### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md)
 ####### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md)
 ####### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md)
-####### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md)
+####### [Event 4764 S: A group<EFBFBD>s type was changed.](auditing/event-4764.md)
 ####### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md)
 ###### [Audit User Account Management](auditing/audit-user-account-management.md)
 ####### [Event 4720 S: A user account was created.](auditing/event-4720.md)
@@ -965,8 +987,8 @@
 
 
 ### [Windows security baselines](windows-security-baselines.md)
-### [Security Compliance Toolkit](security-compliance-toolkit-10.md)
-### [Get support](get-support-for-security-baselines.md)
+#### [Security Compliance Toolkit](security-compliance-toolkit-10.md)
+#### [Get support](get-support-for-security-baselines.md)
 
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 

windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md

@@ -366,7 +366,7 @@ The following table details the hardware requirements for both virtualization-ba
 </tr>
 <tr class="odd">
 <td align="left"><p>Trusted Platform Module (TPM) </p></td>
-<td align="left"><p>Required to support health attestation and necessary for additional key protections for virtualization-based security. TPM 2.0 is supported; TPM 1.2 is also supported beginnning with Windows 10, version 1703.</p></td>
+<td align="left"><p>Required to support health attestation and necessary for additional key protections for virtualization-based security. TPM 2.0 is supported. Support for TPM 1.2 was added beginning in Windows 10, version 1607 (RS1)</p></td>
 </tr>
 </tbody>
 </table>

windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md

@@ -119,12 +119,12 @@ You’ll be able to onboard in the same method available for Windows 10 client m
 Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
 
 The following capabilities are included in this integration:
-- Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to ASC. For more information on onboarding to ASC, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/en-us/azure/security-center/security-center-onboarding).
+- Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/en-us/azure/security-center/security-center-onboarding).
 
     >[!NOTE]
     > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
 
-- Servers monitored by  Azure Security Center will also be available in Windows Defender ATP - ASC seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers.  In addition, Windows Defender ATP alerts will be available in the Azure Security Center console.
+- Servers monitored by  Azure Security Center will also be available in Windows Defender ATP - Azure Security Center seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers.  In addition, Windows Defender ATP alerts will be available in the Azure Security Center console.
 - Server investigation -  Azure Security Center customers can access the Windows Defender ATP portal to perform detailed investigation to uncover the scope of a potential breach
 
 >[!IMPORTANT]

windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md

@@ -28,7 +28,7 @@ Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```
-POST /testwdatppreview/machineactions/{id}/getPackageUri
+GET /testwdatppreview/machineactions/{id}/getPackageUri
 ```
 
 ## Request headers

windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md

@@ -41,8 +41,6 @@ For example, if you add *exe* and *bat* as file or attachment extension names, t
 
 3. Configure the following extension names and separate extension names with a comma:
    - **File extension names** -  Suspicious files except email attachments will be submitted for additional inspection
-   - **Attachment extension names** - Suspicious email attachments with these extension names will be submitted for additional inspection
-
   
 
 ## Related topics

windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md

@@ -73,7 +73,7 @@ You'll need to whitelist the `securitycenter.windows.com` and all sub-domains un
 
 
 ## Portal communication issues
-If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following urls are whitelisted and open for communciation.
+If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following URLs are whitelisted and open for communciation.
 
 - `*.blob.core.windows.net 
 crl.microsoft.com`