Merge branch 'master' into Lovina-Saldanha-4528258

store-for-business/add-unsigned-app-to-code-integrity-policy.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Add unsigned app to code integrity policy
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**

store-for-business/device-guard-signing-portal.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com.  
 
 
 **Applies to**

store-for-business/sign-code-integrity-policy-with-device-guard-signing.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Sign code integrity policy with Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**

windows/privacy/configure-windows-diagnostic-data-in-your-organization.md

@@ -13,7 +13,7 @@ ms.author: dansimp
 manager: dansimp
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/21/2020
+ms.date: 10/13/2020
 ---
 
 # Configure Windows diagnostic data in your organization
@@ -24,7 +24,7 @@ ms.date: 07/21/2020
 - Windows 10 Education
 - Windows Server 2016 and newer
 
-This article applies to Windows 10, Windows Server, Surface Hub, and Hololens diagnostic data only. It describes the types of diagnostic data that’s sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers.
+This article applies to Windows 10, Windows Server, Surface Hub, and HoloLens diagnostic data only. It describes the types of diagnostic data that’s sent back to Microsoft and the ways you can manage it within your organization. Microsoft uses the data to quickly identify and address issues affecting its customers.
 
 >[!IMPORTANT]
 >Microsoft is [increasing transparency](https://blogs.microsoft.com/on-the-issues/2019/04/30/increasing-transparency-and-customer-control-over-data/) by categorizing the data we collect as required or optional. Windows 10 is in the process of updating devices to reflect this new categorization, and during this transition Basic diagnostic data will be recategorized as Required diagnostic data and Full diagnostic data will be recategorized as Optional diagnostic data. For more information, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
@@ -50,7 +50,9 @@ For example, in an earlier version of Windows 10 there was a version of a video
 Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. These examples show how the use of diagnostic data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.
 
 - **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time.
+
 - **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance.
+
 - **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between apps. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
 
 ## How Microsoft handles diagnostic data
@@ -60,8 +62,11 @@ Use the following sections to learn more about how Microsoft handles diagnostic
 ### Data collection
 
 Depending on the diagnostic data settings on the device, diagnostic data can be collected via the following methods:
+
  - Small payloads of structured information referred to as diagnostic data events, managed by the Connected User Experiences and Telemetry component.
+ 
  - Diagnostic logs for additional troubleshooting, also managed by the Connected User Experience and Telemetry component. 
+ 
  - Crash reporting and crash dumps, managed by [Windows Error Reporting](https://docs.microsoft.com/windows/win32/wer/windows-error-reporting).
 
 Later in this document we provide further details about how to control what’s collected and what data can be included in these different types of diagnostic data.
@@ -101,7 +106,7 @@ There are four diagnostic data collection settings. Each setting is described in
 
 Here’s a summary of the types of data that is included with each setting:
 
-| | **Diagnostic data off (Security)** | **Required (Basic)** | **Enhanced** |**Optional (Full)**|
+| | Diagnostic data off (Security) | Required (Basic) | Enhanced | Optional (Full) |
 | --- | --- | --- | --- | --- |
 | **Diagnostic data events** | No Windows diagnostic data sent. | Minimum data required to keep the device secure, up to date, and performing as expected. | Additional data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. | Additional data about the websites you browse, how Windows and apps are used and how they perform. This data also includes data about device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users.|
 | **Crash Metadata** | N/A | Yes | Yes | Yes |
@@ -155,9 +160,13 @@ Required diagnostic data includes:
 >We’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. making changes to the enhanced diagnostic data level. For more info about this change, see [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md).
 
 Enhanced diagnostic data includes data about the websites you browse, how Windows and apps are used and how they perform, and device activity. The additional data helps Microsoft to fix and improve products and services for all users. When you choose to send enhanced diagnostic data, required diagnostic data will always be included, and we collect the following additional information:
+
  - Operating system events that help to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
+ 
  - Operating system app events resulting from Microsoft apps and management tools that were downloaded from the Microsoft Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge.
+ 
  - Device-specific events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
+ 
  - All crash dump types, except for heap dumps and full dumps. For more information about crash dumps, see [Windows Error Reporting](https://docs.microsoft.com/windows/win32/wer/windows-error-reporting).
 
  ### Optional diagnostic data
@@ -165,9 +174,13 @@ Enhanced diagnostic data includes data about the websites you browse, how Window
 Optional diagnostic data, previously labeled as **Full**, includes more detailed information about your device and its settings, capabilities, and device health. Optional diagnostic data also includes data about the websites you browse, device activity, and enhanced error reporting that helps Microsoft to fix and improve products and services for all users. When you choose to send optional diagnostic data, required diagnostic data will always be included, and we collect the following additional information:
 
  - Additional data about the device, connectivity, and configuration, beyond that collected under required diagnostic data.
+ 
  - Status and logging information about the health of operating system and other system components beyond what is collected under required diagnostic data.
+ 
  - App activity, such as which programs are launched on a device, how long they run, and how quickly they respond to input.
+ 
  - Browser activity, including browsing history and search terms, in Microsoft browsers (Microsoft Edge or Internet Explorer).
+ 
  - Enhanced error reporting, including the memory state of the device when a system or app crash occurs (which may unintentionally contain user content, such as parts of a file you were using when the problem occurred). Crash data is never used for Tailored experiences.
 
 >[!Note]
@@ -198,13 +211,14 @@ Use the appropriate value in the table below when you configure the management p
 
 You can use Group Policy to set your organization’s diagnostic data setting:
 
- 1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
+1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**.
- 2.  Double-click **Allow Telemetry**.
 
->[!NOTE]
+2.  Double-click **Allow Telemetry**.
-> If devices in your organization are running Windows 10, 1803 and newer, the user can still use Settings to set the diagnostic data setting to a more restrictive value, unless the **Configure diagnostic data opt-in settings user interface** policy is set.
 
- 3. In the **Options** box, choose the setting that you want to configure, and then click **OK**.
+    > [!NOTE]
+    > If devices in your organization are running Windows 10, 1803 and newer, the user can still use Settings to set the diagnostic data setting to a more restrictive value, unless the **Configure diagnostic data opt-in settings user interface** policy is set.
+
+3. In the **Options** box, choose the setting that you want to configure, and then click **OK**.
 
 ### Use MDM to manage diagnostic data collection
 
@@ -213,3 +227,9 @@ Use [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/win
 ## Limit optional diagnostic data for Desktop Analytics
 
 For more information about how to limit the diagnostic data to the minimum required by Desktop Analytics, see [Enable data sharing for Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enable-data-sharing).
+
+## Change privacy settings on a single server
+
+You can also change the privacy settings on a server running either the Azure Stack HCI operating system or Windows Server. For more information, see [Change privacy settings on individual servers](https://docs.microsoft.com/azure-stack/hci/manage/change-privacy-settings).
+
+To manage privacy settings in your enterprise as a whole, see [Manage enterprise diagnostic data](#manage-enterprise-diagnostic-data).

windows/security/identity-protection/hello-for-business/hello-faq.md

@@ -45,7 +45,7 @@ The statement "PIN is stronger than Password" is not directed at the strength of
 The **Key Admins** and **Enterprise Key Admins** groups are created when you install the first Windows Server 2016 domain controller into a domain. Domain controllers running previous versions of Windows Server cannot translate the security identifier (SID) to a name.  To resolve this, transfer the PDC emulator domain role to a domain controller running Windows Server 2016.
 
 ## Can I use a convenience PIN with Azure AD?
-It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts. It is only supported for on-premises Domain Joined users and local account users.
+It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts (synchronized identities included). It is only supported for on-premises Domain Joined users and local account users.
 
 ## Can I use an external camera when my laptop is closed or docked?
 No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed.  The product group is aware of this and is investigating this topic further.

windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md

@@ -95,7 +95,7 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if
    - Reboot system into Windows 10.
 
    >[!NOTE]
-   > **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
+   > **Hyper-V - Virtualization Enabled in Firmware** is not available when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is displayed. This means that **Hyper-V - Virtualization Enabled in Firmware** is set to Yes and the **Hyper-V** Windows feature is enabled. Enabling Hyper-V virtualization in Firmware (IOMMU) is required to enable **Kernel DMA Protection**, even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
 
 4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature. 
 

windows/security/threat-protection/TOC.md

@@ -67,6 +67,7 @@
 ##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
 ##### [Vulnerabilities in my organization](microsoft-defender-atp/tvm-weaknesses.md)
 ##### [Event timeline](microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md)
+##### [Vulnerable devices report](microsoft-defender-atp/tvm-vulnerable-devices-report.md)
 ##### [Hunt for exposed devices](microsoft-defender-atp/tvm-hunt-exposed-devices.md)
 
 
@@ -274,6 +275,7 @@
 
 #### [Configure]()
 ##### [Configure iOS features](microsoft-defender-atp/ios-configure-features.md)
+#### [Privacy](microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md)
 
 
 ### [Microsoft Defender Advanced Threat Protection for Linux]()

windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md

@@ -1,5 +1,5 @@
 ---
-title: Manage Windows Defender  in your business
+title: Manage Windows Defender in your business
 description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Microsoft Defender AV
 keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection
 search.product: eADQiWindows 10XVcnh
@@ -27,12 +27,12 @@ manager: dansimp
 
 You can manage and configure Microsoft Defender Antivirus with the following tools:
 
-- Microsoft Intune
+- Microsoft Intune (now part of Microsoft Endpoint Manager)
-- Microsoft Endpoint Configuration Manager
+- Microsoft Endpoint Configuration Manager (now part of Microsoft Endpoint Manager)
 - Group Policy
 - PowerShell cmdlets
 - Windows Management Instrumentation (WMI)
-- The mpcmdrun.exe utility
+- The Microsoft Malware Protection Command Line Utility (referred to as the *mpcmdrun.exe* utility
 
 The articles in this section provide further information, links, and resources for using these tools to manage and configure Microsoft Defender Antivirus.
 

windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md

@@ -1,6 +1,6 @@
 ---
-title: Specify cloud-delivered protection level in Microsoft Defender Antivirus
+title: Specify the cloud-delivered protection level for Microsoft Defender Antivirus
-description: Set the aggressiveness of cloud-delivered protection in Microsoft Defender Antivirus.
+description: Set your level of cloud-delivered protection for Microsoft Defender Antivirus.
 keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -10,7 +10,7 @@ ms.sitesec: library
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 08/12/2020
+ms.date: 10/26/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
@@ -25,56 +25,63 @@ ms.custom: nextgen
 
 - Microsoft Defender Antivirus
 
-You can specify the level of cloud-protection offered by Microsoft Defender Antivirus with Group Policy and Microsoft Endpoint Configuration Manager.
+You can specify your level of cloud-delivered protection offered by Microsoft Defender Antivirus by using Microsoft Endpoint Manager (recommended) or Group Policy.
 
->[!NOTE]
+> [!TIP]
->The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
+> Cloud protection is not simply protection for files that are stored in the cloud. The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and devices (also called endpoints). Cloud protection with Microsoft Defender Antivirus uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional security intelligence updates. 
+> Microsoft Intune and Microsoft Endpoint Configuration Manager are now part of [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview). 
 
-## Use Intune to specify the level of cloud-delivered protection
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+## Use Microsoft Endpoint Manager to specify the level of cloud-delivered protection
-2. Select **All services > Intune**.
+
-3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**.
+
-5. On the **File Blocking Level** switch, select one of the following:
+2. Choose **Endpoint security** > **Antivirus**.
+
+3. Select an antivirus profile. (If you don't have one yet, or if you want to create a new profile, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
+
+4. Select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
+
+5. Expand **Cloud protection**, and then in the **Cloud-delivered protection level** list, select one of the following:
 
     1. **High**: Applies a strong level of detection.
-    2. **High +**: Uses the **High** level and applies additional protection measures (may impact client performance).
+    2. **High plus**: Uses the **High** level and applies additional protection measures (may impact client performance).
     3. **Zero tolerance**: Blocks all unknown executables.
 
-8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
+6. Choose **Review + save**, and then choose **Save**. 
 
-For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)
+> [!TIP]
+> Need some help? See the following resources:
+> - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
+> - [Add endpoint protection settings in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-configure)
   
 
-## Use Configuration Manager to specify the level of cloud-delivered protection
-
-See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
-
 ## Use Group Policy to specify the level of cloud-delivered protection
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx).
 
 2. Right-click the Group Policy Object you want to configure, and then click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**. 
+3.  In the **Group Policy Management Editor** go to **Computer Configuration** > **Administrative templates**.
 
-4.  Click **Administrative templates**.
+4.  Expand the tree to **Windows Components** > **Microsoft Defender Antivirus** > **MpEngine**.
 
-5.  Expand the tree to **Windows components > Microsoft Defender Antivirus > MpEngine**.
+5.  Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
-
-6.  Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
     - **Default blocking level** provides strong detection without increasing the risk of detecting legitimate files.
     - **Moderate blocking level** provides moderate only for high confidence detections
-    - **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives).
+    - **High blocking level** applies a strong level of detection while optimizing client performance (but can also give you a greater chance of false positives).
-    - **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives).
+    - **High + blocking level** applies additional protection measures (might impact client performance and increase your chance of false positives).
     - **Zero tolerance blocking level** blocks all unknown executables.
     
     > [!WARNING]
     > While unlikely, setting this switch to **High** or **High +** may cause some legitimate files to be detected (although you will have the option to unblock or dispute that detection).
 
-7. Click **OK**.
+6. Click **OK**.
 
+7. Deploy your updated Group Policy Object. See [Group Policy Management Console](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx)
+
+> [!TIP]
+> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](https://docs.microsoft.com/mem/intune/configuration/group-policy-analytics). 
   
 ## Related articles
 

windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md

@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/03/2018
+ms.date: 10/26/2018
 ms.reviewer: 
 manager: dansimp
 ---
@@ -25,13 +25,23 @@ manager: dansimp
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-If you are using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Microsoft Defender Antivirus scans.
+If you were using Microsoft Endpoint Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can now use Microsoft Endpoint Manager to manage Microsoft Defender Antivirus scans.
 
-In some cases, the protection will be labeled as Endpoint Protection, although the engine is the same as that used by Microsoft Defender Antivirus.
+1. In the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), navigate to **Endpoint Security**.
 
-See the [Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-protection) library on docs.microsoft.com for information on using Configuration Manager.
+2. Under **Manage**, choose **Antivirus**.
 
-For Microsoft Intune, consult the [Microsoft Intune library](https://docs.microsoft.com/intune/introduction-intune) and [Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
+3. Select your Microsoft Defender Antivirus policy. 
+
+4. Under **Manage**, choose **Properties**.
+
+5. Next to **Configuration settings**, choose **Edit**.
+
+6. Expand the **Scan** section, and review or edit your scanning settings.
+
+7. Choose **Review + save**
+
+Need help? See [Manage endpoint security in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security).
 
 
 ## Related articles

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md

@@ -45,7 +45,9 @@ For information on other tables in the advanced hunting schema, see [the advance
 | `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
 | `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
 | `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured |
-
+| `IsApplicable` | boolean | Indicates whether the configuration or policy applies to the device |
+| `Context`	| string | Additional contextual information about the configuration or policy |
+| `IsExpectedUserImpactCompliant` | boolean | Indicates whether there will be user impact if the configuration or policy is applied |
 
 ## Related topics
 

windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md

@@ -109,11 +109,12 @@ See [Netsh Command Syntax, Contexts, and Formatting](https://docs.microsoft.com/
 
 If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.
 
+The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
 
 
-|**Item**|**Description**|
+|**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-docs-pr/blob/prereq-urls/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)<br/> [Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)  | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. 
+|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)<br/>  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning.

windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md

@@ -52,8 +52,13 @@ You must have **Manage security settings** permissions to:
 - Reset password
 - Create simulations 
  
+If you enabled role-based access control (RBAC) and created at least a one machine group, users must have access to All machine groups.
+
 For more information, see [Create and manage roles](user-roles.md).
 
+
+
+
 Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
 
 

windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md

@@ -27,8 +27,6 @@ ms.topic: article
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-[!include[Prerelease information](../../includes/prerelease.md)]
-
 To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration.
 
 >[!NOTE]

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md

@@ -0,0 +1,97 @@
+---
+title: Microsoft Defender ATP for iOS - Privacy information
+ms.reviewer:
+description: Describes privacy information for Microsoft Defender ATP for iOS
+keywords: microsoft, defender, atp, ios, policy, overview
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+ms.topic: conceptual
+---
+
+# Privacy information - Microsoft Defender ATP for iOS
+
+>[!NOTE] 
+> Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization, does not see your browsing activity.
+
+Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. The information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected, and to support the service. 
+
+## Required data 
+
+Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. 
+
+Here is a list of the types of data being collected: 
+
+### Web page or Network information 
+
+- Connection information only when a malicious connection or web page is detected. 
+
+- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. 
+
+### Device and account information 
+
+- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: 
+
+    - Wi-Fi adapter MAC address 
+
+    - Randomly generated globally unique identifier (GUID) 
+
+- Tenant, Device and User information 
+
+    - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. 
+
+    - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. 
+
+    - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. 
+
+    - User Principal Name – Email ID of the user. 
+
+### Product and service usage data 
+
+The following information is collected only for Microsoft Defender ATP app installed on the device. 
+
+- App package info, including name, version, and app upgrade status. 
+
+- Actions performed in the app. 
+
+- Crash report logs generated by iOS. 
+
+- Memory usage data. 
+
+## Optional Data 
+
+Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. 
+
+Optional diagnostic data includes: 
+
+- App, CPU, and network usage for Microsoft Defender ATP. 
+
+- Features configured by the admin. 
+
+- Basic information about the browsers on the device. 
+
+Feedback Data is collected through in-app feedback provided by the user. 
+
+- The user’s email address, if they choose to provide it.
+
+- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. 
+
+For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement).
+
+
+
+
+
+
+

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md

@@ -97,10 +97,9 @@ After you've enabled the service, you may need to configure your network or fire
 The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an *allow* rule specifically for them.
 
 
-
+|**Spreadsheet of domains list**|**Description**|
-|**Item**|**Description**|
 |:-----|:-----|
-|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)<br/> [Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)  | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. 
+|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)<br/>  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md

@@ -90,9 +90,9 @@ The following downloadable spreadsheet lists the services and their associated U
 
 
 
-|**Item**|**Description**|
+|**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)<br/> [Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)  | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. 
+|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)<br/>  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 

windows/security/threat-protection/microsoft-defender-atp/preview.md

@@ -68,11 +68,6 @@ Information protection is an integral part of Microsoft 365 Enterprise suite, pr
     >[!NOTE]
     >Partially available from Windows 10, version 1809.
 
-- [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md) <BR> Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender ATP monitored devices.
-
-    >[!NOTE]
-    >Available from Windows 10, version 1809 or later.
-
 - [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) <BR> Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices.
 
 

windows/security/threat-protection/microsoft-defender-atp/production-deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Set up Microsoft Defender ATP deployment
-description: 
+description: Learn how to setup the deployment for Microsoft Defender ATP
-keywords:
+keywords: deploy, setup, licensing validation, tenant configuration, network configuration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -46,7 +46,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
     </td>
     <td align="center">
       <a href="https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboarding">
-        <img src="images/onboard.png" alt="Onboard" title="Onboard" />
+        <img src="images/onboard.png" alt="Onboard image" title="Onboard" />
       <br/>Phase 3: Onboard </a><br>
 </td>
 
@@ -54,7 +54,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
   </tr>
 </table>
 
-You are currently in the set up phase.
+You are currently in the set-up phase.
 
 In this deployment scenario, you'll be guided through the steps on:
 - Licensing validation
@@ -69,13 +69,13 @@ In this deployment scenario, you'll be guided through the steps on:
 
 Checking for the license state and whether it got properly provisioned, can be done through the admin center or through the **Microsoft Azure portal**.
 
-1. To view your licenses go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products).
+1. To view your licenses, go to the **Microsoft Azure portal** and navigate to the [Microsoft Azure portal license section](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products).
 
    ![Image of Azure Licensing page](images/atp-licensing-azure-portal.png)
 
 1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**.
 
-    On the screen you will see all the provisioned licenses and their current **Status**.
+    On the screen, you will see all the provisioned licenses and their current **Status**.
 
     ![Image of billing licenses](images/atp-billing-subscriptions.png)
 
@@ -84,9 +84,9 @@ Checking for the license state and whether it got properly provisioned, can be d
 
 To gain access into which licenses are provisioned to your company, and to check the state of the licenses, go to the admin center.
 
-1. From the **Partner portal**, click on the **Administer services > Office 365**.
+1. From the **Partner portal**, select **Administer services > Office 365**.
 
-2. Clicking on the **Partner portal** link will leverage the **Admin on behalf** option and will give you access to the customer admin center.
+2. Clicking on the **Partner portal** link will open the **Admin on behalf** option and will give you access to the customer admin center.
 
    ![Image of O365 admin portal](images/atp-O365-admin-portal-customer.png)
 
@@ -94,7 +94,7 @@ To gain access into which licenses are provisioned to your company, and to check
 
 ## Tenant Configuration
 
-When accessing [Microsoft Defender Security Center](https://securitycenter.windows.com/) for the first time there will be a set up wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client device.
+When accessing Microsoft Defender Security Center for the first time, a wizard that will guide you through some initial steps. At the end of the setup wizard, there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client device.
 
 1. From a web browser, navigate to <https://securitycenter.windows.com>.
 
@@ -109,9 +109,9 @@ When accessing [Microsoft Defender Security Center](https://securitycenter.windo
 
 4. Set up preferences.
 
-   **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU or UK. You cannot change the location after this set up and Microsoft will not transfer the data from the specified geolocation. 
+   **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You cannot change the location after this set up and Microsoft will not transfer the data from the specified geolocation. 
 
-    **Data retention** - The default is 6 months.
+    **Data retention** - The default is six months.
 
     **Enable preview features** - The default is on, can be changed later.
 
@@ -137,11 +137,11 @@ WinHTTP configuration setting is independent of the Windows Internet (WinINet)
 internet browsing proxy settings and can only discover a proxy server by using
 the following discovery methods:
 
-**Auto-discovery methods:**
+**Autodiscovery methods:**
 
 -   Transparent proxy
 
--   Web Proxy Auto-discovery Protocol (WPAD)
+-   Web Proxy Autodiscovery Protocol (WPAD)
 
 If a Transparent proxy or WPAD has been implemented in the network topology,
 there is no need for special configuration settings. For more information on
@@ -155,7 +155,7 @@ Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defe
 
 **Manual static proxy configuration:**
 
--   Registry based configuration
+-   Registry-based configuration
 
 -   WinHTTP configured using netsh command <br> Suitable only for desktops in a
     stable topology (for example: a desktop in a corporate network behind the
@@ -175,13 +175,13 @@ under:
 1. Open the Group Policy Management Console.
 2. Create a policy or edit an existing policy based off the organizational practices.
 3. Edit the Group Policy and navigate to **Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service**. 
-    ![Image of Group Policy setting](images/atp-gpo-proxy1.png)
+    ![Image of Group Policy configuration](images/atp-gpo-proxy1.png)
 
 4. Select **Enabled**.
 5. Select **Disable Authenticated Proxy usage**.
    
 6. Navigate to **Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure connected user experiences and telemetry**.
-    ![Image of Group Policy setting](images/atp-gpo-proxy2.png)
+    ![Image of Group Policy configuration setting](images/atp-gpo-proxy2.png)
 7. Select **Enabled**.
 8. Enter the **Proxy Server Name**.
 
@@ -205,7 +205,7 @@ Use netsh to configure a system-wide static proxy.
 > - This will affect all applications including Windows services which use WinHTTP with default proxy.</br>
 > - Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration.
 
-1. Open an elevated command-line:
+1. Open an elevated command line:
 
     1. Go to **Start** and type **cmd**.
 
@@ -223,7 +223,7 @@ Use netsh to configure a system-wide static proxy.
 ###  Proxy Configuration for down-level devices
 
 Down-Level devices include Windows 7 SP1 and Windows 8.1 workstations as well
-as Windows Server 2008 R2, Windows Sever 2012, Windows Server 2012 R2, and
+as Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and
 versions of Windows Server 2016 prior to Windows Server CB 1803. These operating
 systems will have the proxy configured as part of the Microsoft Management Agent
 to handle communication from the endpoint to Azure. Refer to the
@@ -238,15 +238,16 @@ needed if the device is on Windows 10, version 1803 or later.
 
 If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the listed URLs.
 
+The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. Ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
 
-|**Item**|**Description**|
+|**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|[![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)<br/> [Spreadsheet](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx)  | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. 
+|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)<br/>  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
 
 
 ###  Microsoft Defender ATP service backend IP range
 
-If you network devices don't support the URLs white-listed in the prior section, you can use the following information.
+If you network devices don't support the URLs listed in the prior section, you can use the following information.
 
 Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:
 

windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md

@@ -0,0 +1,85 @@
+---
+title: Vulnerable devices report- threat and vulnerability management
+description: A report showing vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
+keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+ms.topic: article
+---
+
+# Vulnerable devices report- threat and vulnerability management
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+> [!IMPORTANT]
+> **Vulnerable devices report is currently in public preview**<br>
+> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
+> For more information, see [Microsoft Defender ATP preview features](preview.md).
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+
+The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. 
+
+Access the report in the Microsoft Defender Security Center by going to **Reports > Vulnerable devices**
+
+There are two columns:
+
+- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range.
+- Today (current information)
+
+**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group.
+
+**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list.
+
+## Severity level graphs
+
+Each device is counted only once according to the most severe vulnerability found on that device.
+
+![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png)
+
+## Exploit availability graphs
+
+Each device is counted only once based on the highest level of known exploit.
+
+![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png)
+
+## Vulnerability age graphs
+
+Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited.
+
+![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png)
+
+## Vulnerable devices by operating system platform graphs
+
+The number of devices on each operating system that are exposed due to software vulnerabilities.
+
+![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png)
+
+## Vulnerable devices by Windows 10 version graphs
+
+The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS.
+
+![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png)
+
+## Related topics
+
+- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Security recommendations](tvm-security-recommendation.md)
+
+