diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn
new file mode 100644
index 0000000000..92f0d843c1
--- /dev/null
+++ b/.acrolinx-config.edn
@@ -0,0 +1,2 @@
+{:allowed-branchname-matches ["master"]
+ :allowed-filename-matches ["windows/"]}
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 7fe80d11dc..3f594aa5fb 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -856,73 +856,193 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-features",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/alerts-queue",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/apis-intro.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/api-hello-world.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/api-hello-world",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/attack-simulations",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/automated-investigations",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/basic-permissions",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/community",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/conditional-access",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-attack-surface-reduction.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection",
+"source_path": "windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
+"source_path": "windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+"redirect_document_id": false
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection",
+"source_path": "windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
@@ -931,53 +1051,193 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-siem",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-splunk",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings",
+"redirect_document_id": true
+},    
+{
 "source_path": "windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/deprecate.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/deprecate",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
@@ -986,23 +1246,98 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/evaluate-atp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/event-error-codes",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/fix-unhealthy-sensors",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealthy-sensors.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview",
 "redirect_document_id": true
 },
 {
@@ -1011,43 +1346,148 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-domain",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-files",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-ip",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-machines",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/investigate-user",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/licensing",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine-groups",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine-reports",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine-tags",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-alerts",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-edr.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-edr",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/management-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/management-apis",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-incidents",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules",
 "redirect_document_id": true
 },
 {
@@ -1056,38 +1496,138 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/mssp-support",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/offboard-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-configure",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-hunting",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/partner-applications",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/portal-overview",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/powershell-example-code",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preferences-setup",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/prerelease.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/prerelease",
 "redirect_document_id": true
 },
 {
@@ -1096,38 +1636,103 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preview-settings",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/python-example-code",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/rbac",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/response-actions",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-detection-test",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard",
 "redirect_document_id": true
 },
 {
@@ -1136,8 +1741,8 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/service-status",
 "redirect_document_id": true
 },
 {
@@ -1146,28 +1751,58 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/time-settings",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md",
+"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
+ "redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md",
+"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
@@ -1176,8 +1811,53 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-overview.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem",
 "redirect_document_id": true
 },
 {
@@ -1186,11 +1866,61 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-custom-ti",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user-roles",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/whats-new-in-microsoft-defender-atp",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard",
 "redirect_document_id": true
@@ -1416,11 +2146,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus",
 "redirect_document_id": true
@@ -5171,11 +5896,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md",
-"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md",
 "redirect_url": "/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus",
 "redirect_document_id": true
@@ -5196,11 +5916,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/manage/cortana-at-work-scenario-7.md",
 "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-7",
 "redirect_document_id": true
@@ -5711,11 +6426,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md",
 "redirect_url": "https://technet.microsoft.com/library/jj635854.aspx",
 "redirect_document_id": true
@@ -5766,11 +6476,6 @@
 "redirect_document_id": false
 },
 {
-"source_path": "windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
-"redirect_document_id": false
-},
-{
 "source_path": "windows/keep-secure/passport-event-300.md",
 "redirect_url": "/windows/access-protection/hello-for-business/hello-event-300",
 "redirect_document_id": true
@@ -7751,11 +8456,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/advanced-security-audit-policy-settings.md",
 "redirect_url": "/windows/device-security/auditing/advanced-security-audit-policy-settings",
 "redirect_document_id": true
@@ -7856,11 +8556,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/assign-security-group-filters-to-the-gpo.md",
 "redirect_url": "/windows/access-protection/windows-firewall/assign-security-group-filters-to-the-gpo",
 "redirect_document_id": true
@@ -8466,11 +9161,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/configure-authentication-methods.md",
 "redirect_url": "/windows/access-protection/windows-firewall/configure-authentication-methods",
 "redirect_document_id": true
@@ -8521,11 +9211,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/configure-exceptions-for-an-applocker-rule.md",
 "redirect_url": "/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule",
 "redirect_document_id": true
@@ -9161,11 +9846,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/enable-the-dll-rule-collection.md",
 "redirect_url": "/windows/device-security/applocker/enable-the-dll-rule-collection",
 "redirect_document_id": true
@@ -11206,11 +11886,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md",
 "redirect_url": "/windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
 "redirect_document_id": true
@@ -11831,16 +12506,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md",
-"redirect_url": "/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/trusted-platform-module-overview.md",
 "redirect_url": "/windows/device-security/tpm/trusted-platform-module-overview",
 "redirect_document_id": true
@@ -13586,36 +14251,11 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md",
 "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809",
 "redirect_document_id": true
@@ -13696,6 +14336,36 @@
 "redirect_document_id": true
 },
 {
+"source_path":"windows/security/threat-protection/windows-defender-atp/use-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp",
+"redirect_document_id": false
+ },
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list",
+"redirect_document_id": false
+},
+{
+"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples",
+"redirect_document_id": false
+},
+{
 "source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13721,11 +14391,21 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alerts",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13736,34 +14416,64 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-"redirect_document_id": false
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics",
+"redirect_document_id": true
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md",
@@ -13771,6 +14481,11 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13779,22 +14494,43 @@
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
-},{
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-information",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13810,63 +14546,128 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-filemachineaction-object",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-filemachineactions-collection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object",
 "redirect_document_id": false
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection",
 "redirect_document_id": false
 },
 {
@@ -13875,26 +14676,61 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-started.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-started",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machine",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/isolate-machine",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13905,36 +14741,116 @@
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-ms-flow",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-user-token",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md",
+"source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-av-scan",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-user-information",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/incidents-queue",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -13945,14 +14861,119 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-analytics",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/alerts",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/files",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machineaction",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/machineactionsnote.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/ti-indicator",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/update-alert",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
 "redirect_document_id": true
 },
 {
-    "source_path": "windows/windows-10/release-information/release-information.md",
-    "redirect_url": "/windows/release-information",
-    "redirect_document_id": true
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/hub/windows-10-landing.yml",
+"redirect_url": "/windows/hub/windows-10",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md",
+"redirect_url": "windows/security/threat-protection/microsoft-defender-atp/improve-request-performance",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/hub/release-information.md",
+"redirect_url": "/windows/release-information",
+"redirect_document_id": true
 }
 ]
 }
diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml
index 6e7a2ccb42..7ee2caf174 100644
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@@ -92,7 +92,7 @@ sections:
 
     - href:  https://docs.microsoft.com/microsoft-edge/deploy/group-policies/developer-settings-gp
 
-      html: <p>Learn how configure Microsoft Edge for development and testing.</p>
+      html: <p>Learn how to configure Microsoft Edge for development and testing.</p>
 
       image:
 
diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
index 58dfd6be9a..ce0f753466 100644
--- a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
@@ -6,4 +6,4 @@ ms.prod: edge
 ms:topic: include
 ---
 
-Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default.  Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on.  Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. 
\ No newline at end of file
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default.  Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off.  Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index bed077a506..96c9783664 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -16,9 +16,9 @@ If you’re having problems launching your legacy apps while running Internet Ex
 
  **To turn managed browser hosting controls back on**
 
-1.  **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+1.  **For x86 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
 
-2.  **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+2.  **For 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
 
 For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index 47c4caf92b..c6c5cf099e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -43,7 +43,10 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all
 
    Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
 
-6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution.
+6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution.
+
+        >[!Note]
+        >Step 3 of this topic provides the steps to create your database.
 
 7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
 
@@ -105,17 +108,6 @@ Create a new Application Pool and the website, by using the IIS Manager.
     >[!Note]
     >You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
 
-10. Return to the **<<i>website_name</i>> Home** pane, and double-click the **Connection Strings** icon.
-
-11. Open the **LOBMergedEntities Connection String** to edit: 
-
-    - **Data source.** Type the name of your local computer.
-
-    - **Initial catalog.** The name of your database.
-
-        >[!Note]
-        >Step 3 of this topic provides the steps to create your database.
-
 ## Step 3 - Create and prep your database
 Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
 
@@ -229,4 +221,4 @@ Register the EMIEScheduler tool and service for production site list changes.
 
 - [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
 
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) 
\ No newline at end of file
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md) 
diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md
index 634261a1e3..3c04327201 100644
--- a/devices/surface-hub/accessibility-surface-hub.md
+++ b/devices/surface-hub/accessibility-surface-hub.md
@@ -5,10 +5,9 @@ ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
 keywords: Accessibility settings, Settings app, Ease of Access
 ms.prod: surface-hub
 ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: robmazz
+ms.author: robmazz
 ms.topic: article
-ms.date: 08/16/2017
 ms.localizationpriority: medium
 ---
 
diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md
index 9771aacb0d..03a43060a5 100644
--- a/devices/surface/assettag.md
+++ b/devices/surface/assettag.md
@@ -27,7 +27,7 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices.
 To run Surface Asset Tag:
 
 1.  On the Surface device, download **Surface Pro 3 AssetTag.zip** from the [Microsoft Download
-    Center](http://www.microsoft.com/download/details.aspx?id=44076),
+    Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703),
     extract the zip file, and save AssetTag.exe in desired folder (in
     this example, C:\\assets).
 
diff --git a/devices/surface/images/sdt-install.png b/devices/surface/images/sdt-install.png
new file mode 100644
index 0000000000..ce0fe297d7
Binary files /dev/null and b/devices/surface/images/sdt-install.png differ
diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md
index b9910dfc97..e4e4b988cd 100644
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@@ -56,9 +56,14 @@ Full Brightness   | Default: 100  <br>Option: Range of 0-100 percent of screen b
 | Inactivity Timeout| Default: 30 seconds <br>Option: Any numeric value  <br>Data Type: Integer  <br> Type: REG_DWORD | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.|
 | Telemetry  Enabled | Default: 01 <br>Option: 01, 00 <br> Type: REG_BINARY  | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). |
 
+## Changes and updates
+
+### Version 1.12.239.0
+*Release Date: 26 April 2019*<br>
+This version of Surface Brightness Control adds support for the following:
+- Touch delay fixes.
 
 
 ## Related topics
 
 - [Battery limit setting](battery-limit.md)
-
diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md
index 0a73499333..1623b7fd0b 100644
--- a/devices/surface/surface-diagnostic-toolkit-business.md
+++ b/devices/surface/surface-diagnostic-toolkit-business.md
@@ -27,13 +27,11 @@ Specifically, SDT for Business enables you to:
 
 To run SDT for Business, download the components listed in the following table.
 
->[!NOTE]
->In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (msiexec.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md).  
 
 Mode |	Primary scenarios | Download | Learn more
 --- | --- | --- | ---
 Desktop mode |	Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:<br>Microsoft Surface Diagnostic Toolkit for Business Installer<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
-Command line |	Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br><br>**Note:** Support for the ability to confirm warranty information will be available via the  command `-warranty`	| SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
+Command line |	Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br>`-warranty` checks warranty information. <br><br>| SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
 
 ## Supported devices 
 
@@ -57,16 +55,40 @@ SDT for Business is supported on Surface 3 and later devices, including:
 
 ## Installing Surface Diagnostic Toolkit for Business
 
-To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
+To create an SDT package that you can distribute to users in your organization:
+
+1.	Sign in to your Surface device using the Administrator account.
+2.	Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
+3.	The SDT setup wizard appears, as shown in figure 1. Click **Next**. 
+
+    >[!NOTE]
+    >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. 
+
+    ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png)
+
+    *Figure 1. Surface Diagnostic Toolkit setup wizard*
+
+4. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA)
+
+5.	On the Install Options screen, change the default install location if desired. 
+6.	Under Setup Type, select **Advanced**. 
+
+    >[!NOTE]
+    >The standard option allows users to run the diagnostic tool directly on their Surface device provided they are signed into their device using an Administrator account. 
+    
+     ![Install Options: Advanced](images/sdt-install.png)
+
+7.	Click **Next** and then click **Install**. 
+
+## Installing using the command line
+If desired, you can install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
 
 - `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry.
 - `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`.
 
-**To install SDT in ADMINMODE:**
+### To install SDT from the command line:
 
-1.	Sign in to your Surface device using the Administrator account.
-2.	Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
-3.	Open a command prompt and enter:
+1.	Open a command prompt and enter:
 
     ```
     msiexec.exe /i <the path of installer> ADMINMODE=1. 
@@ -77,19 +99,6 @@ To create an SDT package that you can distribute to users in your organization,
     C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1
     ```
 
-4.	The SDT setup wizard appears, as shown in figure 1. Click **Next**. 
-
-    >[!NOTE]
-    >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. 
-
-    ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png)
-
-    *Figure 1. Surface Diagnostic Toolkit setup wizard*
-
-5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package. 
-
-6.	Click **Next** and then click **Install**. 
-
 ## Locating SDT on your Surface device
 
 Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`.
@@ -154,7 +163,14 @@ You can select to run a wide range of logs across applications, drivers, hardwar
 - [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
 
 
-
+## Changes and updates
+### Version 2.36.139.0
+*Release date: April 26, 2019*<br>
+This version of Surface Diagnostic Toolkit for Business adds support for the following: 
+- Advanced Setup option to unlock admin capabilities through the installer UI, without requiring command line configuration.
+- Accessibility improvements.
+- Surface brightness control settings included in logs.
+- External monitor compatibility support link in report generator.
 
 
 
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index 0bf1fdc2d4..f6afc25250 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -28,8 +28,8 @@ Organizations or schools of any size can benefit from using Microsoft Store for
 - **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts or Office 365 accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate Microsoft Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts.
 - **Bulk app acquisition** - Acquire apps in volume from Microsoft Store for Business.
 - **Centralized management** – Microsoft Store provides centralized management for inventory, billing, permissions, and order history. You can use Microsoft Store to view, manage and distribute items purchased from:
-    - **Microsoft Store for Business** – Apps and subscriptions
-    - **Microsoft Store for Education** – Apps and subscriptions
+    - **Microsoft Store for Business** – Apps acquired from Microsoft Store for Business
+    - **Microsoft Store for Education** – Apps acquired from Microsoft Store for Education
     - **Office 365** – Subscriptions
     - **Volume licensing** - Apps purchased with volume licensing
 - **Private store** - Create a private store for your business that’s easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices. 
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 53a38b3f05..9cb9b8fade 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -95,12 +95,12 @@ If your apps require custom prerequisites, such as Microsoft SQL Server, we reco
 2. Open PowerShell as an admin and run the **Connect-AppvSequencerVM** cmdlet, using the following parameters:
 
     ```ps1
-    Connect-AppvSequencerVM -VMName "<name_of_vm>" -ADKPath "<path_to_adk_install_folder>"
+    Connect-AppvSequencerVM -VMName "<name_of_vm>"
     ```
     
     Where ```<name_of_vm>``` is the name of the VM as shown in the Hyper-V Manager tool.
 
-This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
+This command connects to an existing Hyper-V VM using the provided VM name for auto-sequencing.
 
 ### Review the provisioning log files
 
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index dca1b3b048..9a68fb9338 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -93,20 +93,11 @@ The following table lists the supported shell extensions:
 
 Copy on write (CoW) file extensions allow App-V to dynamically write to specific locations contained in the virtual package while it is being used.
 
-The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified.
+The following table displays the file types that can exist in a virtual package under the VFS directory, since App-V 5.1, but which cannot be updated on the computer running the App-V client. All other files and directories can be modified.
 
 | File Type||||||
 |---|---|---|---|---|---|
-| .acm | .asa | .asp | .aspx | .ax | .bat |
-| .cer  | .chm  | .clb | .cmd  | .cnt  | .cnv  |
-| .com | .cpl | .cpx  | .crt | .dll | .drv |
-| .esc | .exe  | .fon  | .grp | .hlp | .hta |
-| .ime | .inf  | .ins  | .isp | .its | .js |
-| .jse | .lnk | .msc | .msi | .msp | .mst |
-| .mui | .nls | .ocx  | .pal | .pcd | .pif |
-| .reg  | .scf | .scr | .sct | .shb | .shs  |
-| .sys  | .tlb  | .tsp | .url | .vb | .vbe |
-| .vbs  | .vsmacros | .ws  | .wsf | .wsh  |  |
+| .com | .exe | .dll | .ocx |  |
 
 ## Modifying an existing virtual application package
 
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 19820b0309..18e6657277 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -26,9 +26,13 @@ Root node.
 Interior node for the account domain information.
 
 <a href="" id="domain-computername"></a>**Domain/ComputerName**  
-This node specifies the name for a device.  This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution:  %RAND:<# of digits>% and %SERIAL%.  
+This node specifies the DNS hostname for a device. This setting can be managed remotely, but note that this not supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
 
-Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456").  (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect.
+Available naming macros:
+|Macro|Description|Example|Generated Name|
+|:---|:---|:---|:---|
+|%RAND:<# of digits>|Generates the specified number of random digits.|Test%RAND:6%|Test123456|
+|%SERIAL%|Generates the serial number derived from the device. If the serial number causes the new name to exceed the 15 character limit, the serial number will be truncated from the beginning of the sequence.|Test-Device-%SERIAL%|Test-Device-456|
 
 Supported operation is Add.
 
@@ -46,4 +50,4 @@ Supported operation is Add.
 <a href="" id="users-username-localusergroup"></a>**Users/_UserName_/LocalUserGroup**  
 This optional node specifies the local user group that a local user account should be joined to.  If the node is not set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.
 
-Supported operation is Add.
\ No newline at end of file
+Supported operation is Add.
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 13f0987eca..b6470b0c3d 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -22,6 +22,9 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
 > [!Warning]
 > You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
 
+> [!Note]
+> If the application calls KeyCredentialManager.IsSupportedAsync when it is running in assigned access mode and it returns false on the first run, invoke the settings screen and select a convenience PIN to use with Windows Hello. This is the settings screen that is hidden by the application running in assigned access mode. You can only use Windows Hello if you first leave assigned access mode, select your convenience pin, and then go back into assigned access mode again. 
+
 > [!Note]
 > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
 
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 17e70ad2c6..917fb0bafa 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/06/2018
+ms.date: 05/02/2019
 ---
 # BitLocker CSP
 
@@ -136,7 +136,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">Data type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
 
 <a href="" id="encryptionmethodbydrivetype"></a>**EncryptionMethodByDriveType** 
-<p style="margin-left: 20px">Allows you to set the default encrytion method for each of the different drive types. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".</p>
+<p style="margin-left: 20px">Allows you to set the default encrytion method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". </p>
 <table>
 <tr>
 	<th>Home</th>
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index a20317c21f..d286f6f918 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/26/2018
+ms.date: 04/30/2019
 ---
 
 # DeviceStatus CSP
@@ -157,6 +157,12 @@ Valid values:
 
 Supported operation is Get.
 
+If more than one antivirus provider is active, this node returns:
+-   1 – If every active antivirus provider has a valid signature status.
+-   0 – If any of the active antivirus providers has an invalid signature status.
+
+This node also returns 0 when no antivirus provider is active.
+
 <a href="" id="devicestatus-antivirus-status"></a>**DeviceStatus/Antivirus/Status**  
 Added in Windows, version 1607. Integer that specifies the status of the antivirus.
 
@@ -186,6 +192,12 @@ Valid values:
 
 Supported operation is Get.
 
+If more than one antispyware provider is active, this node returns:
+-   1 – If every active antispyware provider has a valid signature status.
+-   0 – If any of the active antispyware providers has an invalid signature status.
+
+This node also returns 0 when no antispyware provider is active.
+
 <a href="" id="devicestatus-antispyware-status"></a>**DeviceStatus/Antispyware/Status**  
 Added in Windows, version 1607. Integer that specifies the status of the antispyware.
 
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 24e4a9039a..b79c6c1219 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -108,6 +108,15 @@ Requirements:
 - Ensure that PCs belong to same computer group.
 
 1.	Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
+    >[!Note] 
+    >If you do not see the policy, it may be caused because you don’t have the ADMX installed for Windows 10, version 1803. To fix the issue, follow these steps:        
+    >   1. Download [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)
+](https://www.microsoft.com/en-us/download/details.aspx?id=56880).
+    >   2. Install the package on the Primary Domain Controller.
+    >   3. Navigate to the folder **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**.
+    >   4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**.
+    >   5. Restart the Primary Domain Controller for the policy to be available.
+
 2.	Create a Security Group for the PCs.
 3.	Link the GPO.
 4.	Filter using Security Groups.
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md
index 22ee108fb4..6a8c928ee7 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md
@@ -553,7 +553,7 @@ The following code shows sample provisioning XML (presented in the preceding pac
    <characteristic type="CertificateStore">
       <characteristic type="Root">
          <characteristic type="System">
-            <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">
+            <characteristic type="Encoded Root Cert Hash Inserted Here">
                <parm name="EncodedCertificate" value="B64 encoded cert insert here" />
             </characteristic>
          </characteristic>
@@ -562,7 +562,7 @@ The following code shows sample provisioning XML (presented in the preceding pac
    <characteristic type="CertificateStore">
       <characteristic type="My" >      
          <characteristic type="User">
-            <characteristic type="F9A4F20FC50D990FDD0E3DB9AFCBF401818D5462">
+            <characteristic type="Encoded Root Cert Hash Inserted Here">
                <parm name="EncodedCertificate" value="B64EncodedCertInsertedHere" />
             </characteristic>
             <characteristic type="PrivateKeyContainer"/> 
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index b7d977b310..b65d073b2a 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,45 +10,50 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 12/06/2018
+ms.date: 05/15/2019
 ---
 
-# What's new in MDM enrollment and management
+# What's new in mobile device enrollment and management
 
 
 This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
 
-For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
+For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). 
 
-## In this section
+- **What’s new in MDM for Windows 10 versions**
+  - [What’s new in MDM for Windows 10, version 1903](#whats-new-in-mdm-for-windows-10-version-1903)
+  - [What’s new in MDM for Windows 10, version 1809](#whats-new-in-mdm-for-windows-10-version-1809)
+  - [What’s new in MDM for Windows 10, version 1803](#whats-new-in-mdm-for-windows-10-version-1803)
+  - [What’s new in MDM for Windows 10, version 1709](#whats-new-in-mdm-for-windows-10-version-1709)
+  - [What’s new in MDM for Windows 10, version 1703](#whats-new-in-mdm-for-windows-10-version-1703)
+  - [What’s new in MDM for Windows 10, version 1607](#whats-new-in-mdm-for-windows-10-version-1607)
+  - [What’s new in MDM for Windows 10, version 1511](#whats-new-in-mdm-for-windows-10-version-1511)
 
-- [What's new in MDM enrollment and management](#whats-new-in-mdm-enrollment-and-management)
-  - [In this section](#in-this-section)
-  - [<a href="" id="whatsnew"></a>What's new in Windows 10, version 1511](#a-href%22%22-id%22whatsnew%22awhats-new-in-windows-10-version-1511)
-  - [<a href="" id="whatsnew1607"></a>What's new in Windows 10, version 1607](#a-href%22%22-id%22whatsnew1607%22awhats-new-in-windows-10-version-1607)
-  - [<a href="" id="whatsnew10"></a>What's new in Windows 10, version 1703](#a-href%22%22-id%22whatsnew10%22awhats-new-in-windows-10-version-1703)
-  - [<a href="" id="whatsnew1709"></a>What's new in Windows 10, version 1709](#a-href%22%22-id%22whatsnew1709%22awhats-new-in-windows-10-version-1709)
-  - [<a href="" id="whatsnew1803"></a>What's new in Windows 10, version 1803](#a-href%22%22-id%22whatsnew1803%22awhats-new-in-windows-10-version-1803)
-  - [<a href="" id="whatsnew1809"></a>What's new in Windows 10, version 1809](#a-href%22%22-id%22whatsnew1809%22awhats-new-in-windows-10-version-1809)
-  - [Breaking changes and known issues](#breaking-changes-and-known-issues)
-    - [<a href="" id="getcommand"></a>Get command inside an atomic command is not supported](#a-href%22%22-id%22getcommand%22aget-command-inside-an-atomic-command-is-not-supported)
-    - [<a href="" id="notification"></a>Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#a-href%22%22-id%22notification%22anotification-channel-uri-not-preserved-during-upgrade-from-windows-81-to-windows-10)
-    - [<a href="" id="appsnotremoved"></a>Apps installed using WMI classes are not removed](#a-href%22%22-id%22appsnotremoved%22aapps-installed-using-wmi-classes-are-not-removed)
-    - [<a href="" id="cdata"></a>Passing CDATA in SyncML does not work](#a-href%22%22-id%22cdata%22apassing-cdata-in-syncml-does-not-work)
-    - [<a href="" id="sslsettings"></a>SSL settings in IIS server for SCEP must be set to "Ignore"](#a-href%22%22-id%22sslsettings%22assl-settings-in-iis-server-for-scep-must-be-set-to-%22ignore%22)
-    - [<a href="" id="enrollmentviaproxy"></a>MDM enrollment fails on the mobile device when traffic is going through proxy](#a-href%22%22-id%22enrollmentviaproxy%22amdm-enrollment-fails-on-the-mobile-device-when-traffic-is-going-through-proxy)
-    - [<a href="" id="unenrollment"></a>Server-initiated unenrollment failure](#a-href%22%22-id%22unenrollment%22aserver-initiated-unenrollment-failure)
-    - [<a href="" id="certissues"></a>Certificates causing issues with Wi-Fi and VPN](#a-href%22%22-id%22certissues%22acertificates-causing-issues-with-wi-fi-and-vpn)
-    - [<a href="" id="versioninformation"></a>Version information for mobile devices](#a-href%22%22-id%22versioninformation%22aversion-information-for-mobile-devices)
-    - [<a href="" id="whitelist"></a>Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#a-href%22%22-id%22whitelist%22aupgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues)
-    - [<a href="" id="frameworks"></a>Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#a-href%22%22-id%22frameworks%22aapps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218)
-    - [<a href="" id="wificertissue"></a>Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#a-href%22%22-id%22wificertissue%22amultiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile)
-    - [<a href="" id="remote"></a>Remote PIN reset not supported in Azure Active Directory joined mobile devices](#a-href%22%22-id%22remote%22aremote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices)
-    - [<a href="" id="renewwns"></a>MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#a-href%22%22-id%22renewwns%22amdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri)
-    - [<a href="" id="userprovisioning"></a>User provisioning failure in Azure Active Directory joined Windows 10 PC](#a-href%22%22-id%22userprovisioning%22auser-provisioning-failure-in-azure-active-directory-joined-windows-10-pc)
-    - [<a href="" id="kerberos"></a>Requirements to note for VPN certificates also used for Kerberos Authentication](#a-href%22%22-id%22kerberos%22arequirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication)
-    - [<a href="" id="pushbuttonreset"></a>Device management agent for the push-button reset is not working](#a-href%22%22-id%22pushbuttonreset%22adevice-management-agent-for-the-push-button-reset-is-not-working)
-  - [Change history in MDM documentation](#change-history-in-mdm-documentation)
+- **Breaking changes and known issues**
+  - [Get command inside an atomic command is not supported](#get-command-inside-an-atomic-command-is-not-supported)
+  - [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#notification-channel-uri-not-preserved-during-upgrade-from-windows-81-to-windows-10)
+  - [Apps installed using WMI classes are not removed](#apps-installed-using-wmi-classes-are-not-removed)
+  - [Passing CDATA in SyncML does not work](#passing-cdata-in-syncml-does-not-work)
+  - [SSL settings in IIS server for SCEP must be set to "Ignore"](#ssl-settings-in-iis-server-for-scep-must-be-set-to-ignore)
+  - [MDM enrollment fails on the mobile device when traffic is going through proxy](#mdm-enrollment-fails-on-the-mobile-device-when-traffic-is-going-through-proxy)
+  - [Server-initiated unenrollment failure](#server-initiated-unenrollment-failure)
+  - [Certificates causing issues with Wi-Fi and VPN](#certificates-causing-issues-with-wi-fi-and-vpn)
+  - [Version information for mobile devices](#version-information-for-mobile-devices)
+  - [Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#upgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues)
+  - [Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#apps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218)
+  - [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#multiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile)
+  - [Remote PIN reset not supported in Azure Active Directory joined mobile devices](#remote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices)
+  - [MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#mdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri)
+  - [User provisioning failure in Azure Active Directory joined Windows 10 PC](#user-provisioning-failure-in-azure-active-directory-joined-windows-10-pc)
+  - [Requirements to note for VPN certificates also used for Kerberos Authentication](#requirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication)
+  - [Device management agent for the push-button reset is not working](#device-management-agent-for-the-push-button-reset-is-not-working)
+
+- **Frequently Asked Questions**
+  - [Can there be more than 1 MDM server to enroll and manage devices in Windows 10?](#can-there-be-more-than-1-mdm-server-to-enroll-and-manage-devices-in-windows-10)
+  - [How do I set the maximum number of Azure Active Directory joined devices per user?](#how-do-i-set-the-maximum-number-of-azure-active-directory-joined-devices-per-user)
+  - [What is dmwappushsvc?](#what-is-dmwappushsvc)
+
+- **Change history in MDM documentation**
     - [February 2019](#february-2019)
     - [January 2019](#january-2019)
     - [December 2018](#december-2018)
@@ -66,10 +71,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
     - [October 2017](#october-2017)
     - [September 2017](#september-2017)
     - [August 2017](#august-2017)
-  - [FAQ](#faq)
-
-## <a href="" id="whatsnew"></a>What's new in Windows 10, version 1511
 
+## What’s new in MDM for Windows 10, version 1903
 <table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
@@ -77,130 +80,45 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </colgroup>
 <thead>
 <tr class="header">
-<th>Item</th>
+<th>New or updated topic</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>New configuration service providers added in Windows 10, version 1511</p></td>
-<td style="vertical-align:top"><ul>
-<li>[AllJoynManagement CSP](alljoynmanagement-csp.md)</li>
-<li>[Maps CSP](maps-csp.md)</li>
-<li>[Reporting CSP](reporting-csp.md)</li>
-<li>[SurfaceHub CSP](surfacehub-csp.md)</li>
-<li>[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)</li>
-</ul></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>New and updated policies in Policy CSP</p></td>
-<td style="vertical-align:top"><p>The following policies have been added to the [Policy CSP](policy-configuration-service-provider.md):</p>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies in Windows 10, version 1903:</p>
 <ul>
-<li>Accounts/DomainNamesForEmailSync</li>
-<li>ApplicationManagement/AllowWindowsBridgeForAndroidAppsExecution</li>
-<li>Bluetooth/ServicesAllowedList</li>
-<li>DataProtection/AllowAzureRMSForEDP</li>
-<li>DataProtection/RevokeOnUnenroll</li>
-<li>DeviceLock/DevicePasswordExpiration</li>
-<li>DeviceLock/DevicePasswordHistory</li>
-<li>TextInput/AllowInputPanel</li>
-<li>Update/PauseDeferrals</li>
-<li>Update/RequireDeferUpdate</li>
-<li>Update/RequireUpdateApproval</li>
+<li>[DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)</li>
+<li>[DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)</li>
+<li>[Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)</li>
+<li>[Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)</li>
+<li>[Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)</li>
+<li>[Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)</li>
+<li>[Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)</li>
+<li>[Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)</li>
+<li>[Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)</li>
+<li>[Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)</li>
+<li>[Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)</li>
+<li>[Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)</li>
+<li>[Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)</li>
+<li>[Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)</li>
+<li>[Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)</li>
+<li>[System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)</li>
+<li>[System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)</li>
+<li>[Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)</li>
+<li>[Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)</li>
+<li>[Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)</li>
+<li>[Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)</li>
+<li>[WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)</li>
+<li>[WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)</li>
+<li>[WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)</li>
 </ul>
-<p>The following policies have been updated in the Policy CSP:</p>
-<ul>
-<li>System/AllowLocation</li>
-<li>Update/RequireDeferUpgrade</li>
-</ul>
-<p>The following policies have been deprecated in the Policy CSP:</p>
-<ul>
-<li>TextInput/AllowKoreanExtendedHanja</li>
-<li>WiFi/AllowWiFiHotSpotReporting</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Management tool for the Micosoft Store for Business</p></td>
-<td style="vertical-align:top"><p>New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>Custom header for generic alert</p></td>
-<td style="vertical-align:top"><p>The MDM-GenericAlert is a new custom header that hosts one or more alert information provided in the http messages sent by the device to the server during an OMA DM session. The generic alert is sent if the session is triggered by the device due to one or more critical or fatal alerts. Here is alert format:</p>
-<code>MDM-GenericAlert: &lt;AlertType1&gt;&lt;AlertType2&gt;</code>
-<p>If present, the MDM-GenericAlert is presented in every the outgoing MDM message in the same OMA DM session. For more information about generic alerts, see section 8.7 in the OMA Device Management Protocol, Approved Version 1.2.1 in this [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Alert message for slow client response</p></td>
-<td style="vertical-align:top"><p>When the MDM server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.</p>
-<p>To work around the timeout, you can use EnableOmaDmKeepAliveMessage setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. For details, see EnableOmaDmKeepAliveMessage node in the [DMClient CSP](dmclient-csp.md).</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>New node in DMClient CSP</p></td>
-<td style="vertical-align:top"><p>Added a new node EnableOmaDmKeepAliveMessage to the [DMClient CSP](dmclient-csp.md) and updated the ManagementServerAddress to indicate that it can contain a list of URLs.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>New nodes in EnterpriseModernAppManagement CSP</p></td>
-<td style="vertical-align:top"><p>Added the following nodes to the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md):</p>
-<ul>
-<li>AppManagement/GetInventoryQuery</li>
-<li>AppManagement/GetInventoryResults</li>
-<li>.../<em>PackageFamilyName</em>/AppSettingPolicy/<em>SettingValue</em></li>
-<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/LicenseCategory</li>
-<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/LicenseUsage</li>
-<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/RequesterID</li>
-<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/GetLicenseFromStore</li>
-</ul></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>New nodes in EnterpriseExt CSP</p></td>
-<td style="vertical-align:top"><p>Added the following nodes to the [EnterpriseExt CSP](enterpriseext-csp.md):</p>
-<ul>
-<li>DeviceCustomData (CustomID, CustomeString)</li>
-<li>Brightness (Default, MaxAuto)</li>
-<li>LedAlertNotification (State, Intensity, Period, DutyCycle, Cyclecount)</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>New node in EnterpriseExtFileSystem CSP</p></td>
-<td style="vertical-align:top"><p>Added OemProfile node to [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md).</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>New nodes in PassportForWork CSP</p></td>
-<td style="vertical-align:top"><p>Added the following nodes to [PassportForWork CSP](passportforwork-csp.md):</p>
-<ul>
-<li>TenantId/Policies/PINComplexity/History</li>
-<li>TenantId/Policies/PINComplexity/Expiration</li>
-<li>TenantId/Policies/Remote/UseRemotePassport (only for ./Device/Vendor/MSFT)</li>
-<li>Biometrics/UseBiometrics (only for ./Device/Vendor/MSFT)</li>
-<li>Biometrics/FacialFeaturesUseEnhancedAntiSpoofing (only for ./Device/Vendor/MSFT)</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Updated EnterpriseAssignedAccess CSP</p></td>
-<td style="vertical-align:top"><p>Here are the changes to the [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md):</p>
-<ul>
-<li>In AssignedAccessXML node, added new page settings and quick action settings.</li>
-<li>In AssignedAccessXML node, added an example about how to pin applications in multiple app packages using the AUMID.</li>
-<li>Updated the [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) topic.</li>
-</ul></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>New nodes in the DevDetail CSP</p></td>
-<td style="vertical-align:top"><p>Here are the changes to the [DevDetail CSP](devdetail-csp.md):</p>
-<ul>
-<li>Added TotalStore and TotalRAM settings.</li>
-<li>Added support for Replace command for the DeviceName setting.</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Handling large objects</p></td>
-<td style="vertical-align:top"><p>Added support for the client to handle uploading of large objects to the server.</p></td>
-</tr>
+</td></tr>
 </tbody>
 </table>
 
-
-## <a href="" id="whatsnew1607"></a>What's new in Windows 10, version 1607
+## What’s new in MDM for Windows 10, version 1809
 
 <table class="mx-tdBreakAll">
 <colgroup>
@@ -209,309 +127,574 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </colgroup>
 <thead>
 <tr class="header">
-<th>Item</th>
+<th>New or updated topic</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>Sideloading of apps</p></td>
-<td style="vertical-align:top"><p>Starting in Windows 10, version 1607, sideloading of apps is only allowed through [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). Product keys (5x5) will no longer be supported to enable sideloading on Windows 10, version 1607 devices.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>New value for [NodeCache CSP](nodecache-csp.md)</p></td>
-<td style="vertical-align:top"><p>In [NodeCache CSP](nodecache-csp.md), the value of NodeCache root node starting in Windows 10, version 1607 is com.microsoft/1.0/MDM/NodeCache.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP.</p></td>
-</tr>
-<tr class="even">
+<tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Removed the following policies:</p>
+<td style="vertical-align:top"><p>Added the following new policies in Windows 10, version 1809:</p>
 <ul>
-<li>DataProtection/AllowAzureRMSForEDP - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
-<li>DataProtection/AllowUserDecryption - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
-<li>DataProtection/EDPEnforcementLevel - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
-<li>DataProtection/RequireProtectionUnderLockConfig - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
-<li>DataProtection/RevokeOnUnenroll - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
-<li>DataProtection/EnterpriseCloudResources - moved this policy to NetworkIsolation policy</li>
-<li>DataProtection/EnterpriseInternalProxyServers - moved this policy to NetworkIsolation policy</li>
-<li>DataProtection/EnterpriseIPRange - moved this policy to NetworkIsolation policy</li>
-<li>DataProtection/EnterpriseNetworkDomainNames - moved this policy to NetworkIsolation policy</li>
-<li>DataProtection/EnterpriseProxyServers - moved this policy to NetworkIsolation policy</li>
-<li>Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices - this policy has been deprecated.</li>
+<li>ApplicationManagement/LaunchAppAfterLogOn</li>
+<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
+<li>Authentication/EnableFastFirstSignIn (Preview mode only)</li>
+<li>Authentication/EnableWebSignIn (Preview mode only)</li>
+<li>Authentication/PreferredAadTenantDomainName</li>
+<li>Browser/AllowFullScreenMode</li>
+<li>Browser/AllowPrelaunch</li>
+<li>Browser/AllowPrinting</li>
+<li>Browser/AllowSavingHistory</li>
+<li>Browser/AllowSideloadingOfExtensions</li>
+<li>Browser/AllowTabPreloading</li>
+<li>Browser/AllowWebContentOnNewTabPage</li>
+<li>Browser/ConfigureFavoritesBar</li>
+<li>Browser/ConfigureHomeButton</li>
+<li>Browser/ConfigureKioskMode</li>
+<li>Browser/ConfigureKioskResetAfterIdleTimeout</li>
+<li>Browser/ConfigureOpenMicrosoftEdgeWith</li>
+<li>Browser/ConfigureTelemetryForMicrosoft365Analytics</li>
+<li>Browser/PreventCertErrorOverrides</li>
+<li>Browser/SetHomeButtonURL</li>
+<li>Browser/SetNewTabPageURL</li>
+<li>Browser/UnlockHomeButton</li>
+<li>Defender/CheckForSignaturesBeforeRunningScan</li>
+<li>Defender/DisableCatchupFullScan </li>
+<li>Defender/DisableCatchupQuickScan </li>
+<li>Defender/EnableLowCPUPriority</li>
+<li>Defender/SignatureUpdateFallbackOrder</li>
+<li>Defender/SignatureUpdateFileSharesSources</li>
+<li>DeviceGuard/ConfigureSystemGuardLaunch</li>
+<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
+<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
+<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>
+<li>DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</li>
+<li>DmaGuard/DeviceEnumerationPolicy</li>
+<li>Experience/AllowClipboardHistory</li>
+<li>Experience/DoNotSyncBrowserSettings</li>
+<li>Experience/PreventUsersFromTurningOnBrowserSyncing</li>
+<li>Kerberos/UPNNameHints</li>
+<li>Privacy/AllowCrossDeviceClipboard</li>
+<li>Privacy/DisablePrivacyExperience</li>
+<li>Privacy/UploadUserActivities</li>
+<li>Security/RecoveryEnvironmentAuthentication</li>
+<li>System/AllowDeviceNameInDiagnosticData</li>
+<li>System/ConfigureMicrosoft365UploadEndpoint</li>
+<li>System/DisableDeviceDelete</li>
+<li>System/DisableDiagnosticDataViewer</li>
+<li>Storage/RemovableDiskDenyWriteAccess</li>
+<li>TaskManager/AllowEndTask</li>
+<li>Update/EngagedRestartDeadlineForFeatureUpdates</li>
+<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates</li>
+<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
+<li>Update/SetDisablePauseUXAccess</li>
+<li>Update/SetDisableUXWUAccess</li>
+<li>WindowsDefenderSecurityCenter/DisableClearTpmButton</li>
+<li>WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</li>
+<li>WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</li>
+<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
 </ul>
-<p>Added the <strong>WiFi/AllowManualWiFiConfiguration</strong> and <strong>WiFi/AllowWiFi</strong> policies for Windows 10, version 1607:</p>
-<ul>
-<li>Windows 10 Pro</li>
-<li>Windows 10 Enterprise</li>
-<li>Windows 10 Education</li>
-</ul>
-<p>Added the following new policies:</p>
-<ul>
-<li>AboveLock/AllowCortanaAboveLock</li>
-<li>ApplicationManagement/DisableStoreOriginatedApps</li>
-<li>Authentication/AllowSecondaryAuthenticationDevice</li>
-<li>Bluetooth/AllowPrepairing</li>
-<li>Browser/AllowExtensions</li>
-<li>Browser/PreventAccessToAboutFlagsInMicrosoftEdge</li>
-<li>Browser/ShowMessageWhenOpeningSitesInInternetExplorer</li>
-<li>DeliveryOptimization/DOAbsoluteMaxCacheSize</li>
-<li>DeliveryOptimization/DOMaxDownloadBandwidth</li>
-<li>DeliveryOptimization/DOMinBackgroundQoS</li>
-<li>DeliveryOptimization/DOModifyCacheDrive</li>
-<li>DeliveryOptimization/DOMonthlyUploadDataCap</li>
-<li>DeliveryOptimization/DOPercentageMaxDownloadBandwidth</li>
-<li>DeviceLock/EnforceLockScreenAndLogonImage</li>
-<li>DeviceLock/EnforceLockScreenProvider</li>
-<li>Defender/PUAProtection</li>
-<li>Experience/AllowThirdPartySuggestionsInWindowsSpotlight</li>
-<li>Experience/AllowWindowsSpotlight</li>
-<li>Experience/ConfigureWindowsSpotlightOnLockScreen</li>
-<li>Experience/DoNotShowFeedbackNotifications</li>
-<li>Licensing/AllowWindowsEntitlementActivation</li>
-<li>Licensing/DisallowKMSClientOnlineAVSValidation</li>
-<li>LockDown/AllowEdgeSwipe</li>
-<li>Maps/EnableOfflineMapsAutoUpdate</li>
-<li>Maps/AllowOfflineMapsDownloadOverMeteredConnection</li>
-<li>Messaging/AllowMessageSync</li>
-<li>NetworkIsolation/EnterpriseCloudResources</li>
-<li>NetworkIsolation/EnterpriseInternalProxyServers</li>
-<li>NetworkIsolation/EnterpriseIPRange</li>
-<li>NetworkIsolation/EnterpriseIPRangesAreAuthoritative</li>
-<li>NetworkIsolation/EnterpriseNetworkDomainNames</li>
-<li>NetworkIsolation/EnterpriseProxyServers</li>
-<li>NetworkIsolation/EnterpriseProxyServersAreAuthoritative</li>
-<li>NetworkIsolation/NeutralResources</li>
-<li>Notifications/DisallowNotificationMirroring</li>
-<li>Privacy/DisableAdvertisingId</li>
-<li>Privacy/LetAppsAccessAccountInfo</li>
-<li>Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessCalendar</li>
-<li>Privacy/LetAppsAccessCalendar_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessCalendar_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessCallHistory</li>
-<li>Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessCamera</li>
-<li>Privacy/LetAppsAccessCamera_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessCamera_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessCamera_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessContacts</li>
-<li>Privacy/LetAppsAccessContacts_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessContacts_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessContacts_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessEmail</li>
-<li>Privacy/LetAppsAccessEmail_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessEmail_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessEmail_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessLocation</li>
-<li>Privacy/LetAppsAccessLocation_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessLocation_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessLocation_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessMessaging</li>
-<li>Privacy/LetAppsAccessMessaging_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessMessaging_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessMicrophone</li>
-<li>Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessMotion</li>
-<li>Privacy/LetAppsAccessMotion_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessMotion_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessMotion_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessNotifications</li>
-<li>Privacy/LetAppsAccessNotifications_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessNotifications_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessPhone</li>
-<li>Privacy/LetAppsAccessPhone_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessPhone_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessPhone_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessRadios</li>
-<li>Privacy/LetAppsAccessRadios_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessRadios_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessRadios_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsAccessTrustedDevices</li>
-<li>Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps</li>
-<li>Privacy/LetAppsSyncWithDevices</li>
-<li>Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps</li>
-<li>Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps</li>
-<li>Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps</li>
-<li>Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</li>
-<li>Settings/AllowEditDeviceName</li>
-<li>Speech/AllowSpeechModelUpdate</li>
-<li>System/TelemetryProxy</li>
-<li>Update/ActiveHoursStart</li>
-<li>Update/ActiveHoursEnd</li>
-<li>Update/AllowMUUpdateService</li>
-<li>Update/BranchReadinessLevel</li>
-<li>Update/DeferFeatureUpdatesPeriodInDays</li>
-<li>Update/DeferQualityUpdatesPeriodInDays</li>
-<li>Update/ExcludeWUDriversInQualityUpdate</li>
-<li>Update/PauseFeatureUpdates</li>
-<li>Update/PauseQualityUpdates</li>
-<li>Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)</li>
-<li>WindowsInkWorkspace/AllowWindowsInkWorkspace</li>
-<li>WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</li>
-<li>WirelessDisplay/AllowProjectionToPC</li>
-<li>WirelessDisplay/RequirePinForPairing</li>
-</ul>
-<p>Updated the <strong>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts</strong> description to remove outdated information.</p>
-<p>Updated DeliveryOptimization/DODownloadMode to add new values.</p>
-<p>Updated Experience/AllowCortana description to clarify what each supported value does.</p>
-<p>Updated Security/AntiTheftMode description to clarify what each supported value does.</p></td>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[PassportForWork  CSP](passportforwork-csp.md)</td>
+<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[EnterpriseModernAppManagement  CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added NonRemovable setting under AppManagement node in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Win32CompatibilityAppraiser  CSP](win32compatibilityappraiser-csp.md)</td>
+<td style="vertical-align:top"><p>Added new configuration service provider in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[WindowsLicensing  CSP](windowslicensing-csp.md)</td>
+<td style="vertical-align:top"><p>Added S mode settings and SyncML examples in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[SUPL CSP](supl-csp.md)</td>
+<td style="vertical-align:top"><p>Added 3 new certificate nodes in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node Health/ProductStatus in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[DevDetail CSP](devdetail-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
+<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[TenantLockdown CSP](tenantlockdown-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1809.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Office CSP](office-csp.md)</td>
+<td style="vertical-align:top"><p>Added FinalStatus setting in Windows 10, version 1809.</p>
+</td></tr>
+</tbody>
+</table>
+
+## What’s new in MDM for Windows 10, version 1803
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
 </tr>
+</thead>
+<tbody>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
+<ul>
+<li>ApplicationDefaults/EnableAppUriHandlers</li>
+<li>ApplicationManagement/MSIAllowUserControlOverInstall</li>
+<li>ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</li>
+<li>Bluetooth/AllowPromptedProximalConnections</li>
+<li>Browser/AllowConfigurationUpdateForBooksLibrary</li>
+<li>Browser/AlwaysEnableBooksLibrary</li>
+<li>Browser/EnableExtendedBooksTelemetry</li>
+<li>Browser/UseSharedFolderForBooks</li>
+<li>Connectivity/AllowPhonePCLinking</li>
+<li>DeliveryOptimization/DODelayBackgroundDownloadFromHttp</li>
+<li>DeliveryOptimization/DODelayForegroundDownloadFromHttp</li>
+<li>DeliveryOptimization/DOGroupIdSource</li>
+<li>DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth</li>
+<li>DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth</li>
+<li>DeliveryOptimization/DORestrictPeerSelectionBy</li>
+<li>DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth</li>
+<li>DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth</li>
+<li>Display/DisablePerProcessDpiForApps</li>
+<li>Display/EnablePerProcessDpi</li>
+<li>Display/EnablePerProcessDpiForApps</li>
+<li>Experience/AllowWindowsSpotlightOnSettings</li>
+<li>KioskBrowser/BlockedUrlExceptions</li>
+<li>KioskBrowser/BlockedUrls</li>
+<li>KioskBrowser/DefaultURL</li>
+<li>KioskBrowser/EnableEndSessionButton</li>
+<li>KioskBrowser/EnableHomeButton</li>
+<li>KioskBrowser/EnableNavigationButtons</li>
+<li>KioskBrowser/RestartOnIdleTime</li>
+<li>LanmanWorkstation/EnableInsecureGuestLogons</li>
+<li>LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon</li>
+<li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li>
+<li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li>
+<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
+<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li>
+<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li>
+<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li>
+<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</li>
+<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</li>
+<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</li>
+<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</li>
+<li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</li>
+<li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li>
+<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li>
+<li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
+<li>Notifications/DisallowCloudNotification</li>
+<li>RestrictedGroups/ConfigureGroupMembership</li>
+<li>Search/AllowCortanaInAAD</li>
+<li>Search/DoNotUseWebResults</li>
+<li>Security/ConfigureWindowsPasswords</li>
+<li>Start/DisableContextMenus</li>
+<li>System/FeedbackHubAlwaysSaveDiagnosticsLocally</li>
+<li>SystemServices/ConfigureHomeGroupListenerServiceStartupMode</li>
+<li>SystemServices/ConfigureHomeGroupProviderServiceStartupMode</li>
+<li>SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode</li>
+<li>SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode</li>
+<li>SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode</li>
+<li>SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</li>
+<li>TaskScheduler/EnableXboxGameSaveTask</li>
+<li>TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode</li>
+<li>TextInput/ForceTouchKeyboardDockedState</li>
+<li>TextInput/TouchKeyboardDictationButtonAvailability</li>
+<li>TextInput/TouchKeyboardEmojiButtonAvailability</li>
+<li>TextInput/TouchKeyboardFullModeAvailability</li>
+<li>TextInput/TouchKeyboardHandwritingModeAvailability</li>
+<li>TextInput/TouchKeyboardNarrowModeAvailability</li>
+<li>TextInput/TouchKeyboardSplitModeAvailability</li>
+<li>TextInput/TouchKeyboardWideModeAvailability</li>
+<li>Update/ConfigureFeatureUpdateUninstallPeriod</li>
+<li>UserRights/AccessCredentialManagerAsTrustedCaller</li>
+<li>UserRights/AccessFromNetwork</li>
+<li>UserRights/ActAsPartOfTheOperatingSystem</li>
+<li>UserRights/AllowLocalLogOn</li>
+<li>UserRights/BackupFilesAndDirectories</li>
+<li>UserRights/ChangeSystemTime</li>
+<li>UserRights/CreateGlobalObjects</li>
+<li>UserRights/CreatePageFile</li>
+<li>UserRights/CreatePermanentSharedObjects</li>
+<li>UserRights/CreateSymbolicLinks</li>
+<li>UserRights/CreateToken</li>
+<li>UserRights/DebugPrograms</li>
+<li>UserRights/DenyAccessFromNetwork</li>
+<li>UserRights/DenyLocalLogOn</li>
+<li>UserRights/DenyRemoteDesktopServicesLogOn</li>
+<li>UserRights/EnableDelegation</li>
+<li>UserRights/GenerateSecurityAudits</li>
+<li>UserRights/ImpersonateClient</li>
+<li>UserRights/IncreaseSchedulingPriority</li>
+<li>UserRights/LoadUnloadDeviceDrivers</li>
+<li>UserRights/LockMemory</li>
+<li>UserRights/ManageAuditingAndSecurityLog</li>
+<li>UserRights/ManageVolume</li>
+<li>UserRights/ModifyFirmwareEnvironment</li>
+<li>UserRights/ModifyObjectLabel</li>
+<li>UserRights/ProfileSingleProcess</li>
+<li>UserRights/RemoteShutdown</li>
+<li>UserRights/RestoreFilesAndDirectories</li>
+<li>UserRights/TakeOwnership</li>
+<li>WindowsDefenderSecurityCenter/DisableAccountProtectionUI</li>
+<li>WindowsDefenderSecurityCenter/DisableDeviceSecurityUI</li>
+<li>WindowsDefenderSecurityCenter/HideRansomwareDataRecovery</li>
+<li>WindowsDefenderSecurityCenter/HideSecureBoot</li>
+<li>WindowsDefenderSecurityCenter/HideTPMTroubleshooting</li>
+</ul>
+<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
+</td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following settings:</p>
+<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
 <ul>
-<li>ManagementServerAddressList</li>
-<li>AADDeviceID</li>
-<li>EnrollmentType</li>
-<li>HWDevID</li>
-<li>CommercialID</li>
+<li>AADSendDeviceToken</li>
+<li>BlockInStatusPage</li>
+<li>AllowCollectLogsButton</li>
+<li>CustomErrorText</li>
+<li>SkipDeviceStatusPage</li>
+<li>SkipUserStatusPage</li>
 </ul>
-<p>Removed the EnrollmentID setting.</p></td>
-</tr>
+</td></tr>
 <tr class="odd">
-<td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following new settings:</p>
+<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
+<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Update CSP](update-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
 <ul>
-<li>DeviceStatus/TPM/SpecificationVersion</li>
-<li>DeviceStatus/OS/Edition</li>
-<li>DeviceStatus/Antivirus/SignatureStatus</li>
-<li>DeviceStatus/Antivirus/Status</li>
-<li>DeviceStatus/Antispyware/SignatureStatus</li>
-<li>DeviceStatus/Antispyware/Status</li>
-<li>DeviceStatus/Firewall/Status</li>
-<li>DeviceStatus/UAC/Status</li>
-<li>DeviceStatus/Battery/Status</li>
-<li>DeviceStatus/Battery/EstimatedChargeRemaining</li>
-<li>DeviceStatus/Battery/EstimatedRuntime</li>
-</ul></td>
-</tr>
+<li>Rollback</li>
+<li>Rollback/FeatureUpdate</li>
+<li>Rollback/QualityUpdateStatus</li>
+<li>Rollback/FeatureUpdateStatus</li>
+</ul>
+</td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
-<td style="vertical-align:top"><p>Added SyncML examples.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)</td>
-<td style="vertical-align:top"><ul>
-<li>Added a new Folder table entry in the AssignedAccess/AssignedAccessXml description.</li>
-<li>Updated the DDF and XSD file sections.</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[SecureAssessment CSP](secureassessment-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[DiagnosticLog CSP](diagnosticlog-csp.md)
-<p>[DiagnosticLog DDF](diagnosticlog-ddf.md)</p></td>
-<td style="vertical-align:top"><p>Added version 1.3 of the CSP with two new settings. Added the new 1.3 version of the DDF. Added the following new settings in Windows 10, version 1607.</p>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
 <ul>
-<li>DeviceStateData</li>
-<li>DeviceStateData/MdmConfiguration</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[Reboot CSP](reboot-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following settings for Windows 10, version 1607</p>
-<ul>
-<li><em>ProfileName</em>/RouteList/routeRowId/ExclusionRoute</li>
-<li><em>ProfileName</em>/DomainNameInformationList/<em>dniRowId</em>/AutoTrigger</li>
-<li><em>ProfileName</em>/DomainNameInformationList/dniRowId/Persistent</li>
-<li><em>ProfileName</em>/ProfileXML</li>
-<li><em>ProfileName</em>/DeviceCompliance/Enabled</li>
-<li><em>ProfileName</em>/DeviceCompliance/Sso</li>
-<li><em>ProfileName</em>/DeviceCompliance/Sso/Enabled</li>
-<li><em>ProfileName</em>/DeviceCompliance/Sso/IssuerHash</li>
-<li><em>ProfileName</em>/DeviceCompliance/Sso/Eku</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite/AuthenticationTransformConstants</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite/CipherTransformConstants</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite/EncryptionMethod</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite/IntegrityCheckMethod</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite/DHGroup</li>
-<li><em>ProfileName</em>/NativeProfile/CryptographySuite/PfsGroup</li>
-<li><em>ProfileName</em>/NativeProfile/L2tpPsk</li>
-</ul></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[Win32AppInventory CSP](win32appinventory-csp.md)
-<p>[Win32AppInventory DDF](win32appinventory-ddf-file.md)</p></td>
-<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[SharedPC CSP](sharedpc-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)</td>
-<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224)</td>
-<td style="vertical-align:top"><p>Added new classes for Windows 10, version 1607.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)</td>
-<td style="vertical-align:top"><p>Topic renamed from &quot;Enrollment UI&quot;.</p>
-<p>Completely updated enrollment procedures and screenshots.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top">[UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
-<p>[UnifiedWriteFilter DDF File](unifiedwritefilter-ddf.md)</p></td>
-<td style="vertical-align:top"><p>Added the following new setting for Windows 10, version 1607:</p>
-<ul>
-<li>NextSession/HORMEnabled</li>
-</ul></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top">[CertificateStore CSP](certificatestore-csp.md)
-<p>[CertificateStore DDF file](certificatestore-ddf-file.md)</p></td>
-<td style="vertical-align:top"><p>Added the following new settings in Windows 10, version 1607:</p>
-<ul>
-<li>My/WSTEP/Renew/LastRenewalAttemptTime</li>
-<li>My/WSTEP/Renew/RenewNow</li>
-</ul></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>[WindowsLicensing CSP](windowslicensing-csp.md)</p></td>
-<td style="vertical-align:top"><p>Added the following new node and settings in Windows 10, version 1607, but not documented:</p>
-<ul>
-<li>Subscriptions</li>
-<li>Subscriptions/SubscriptionId</li>
-<li>Subscriptions/SubscriptionId/Status</li>
-<li>Subscriptions/SubscriptionId/Name</li>
+<li>Status</li>
+<li>ShellLauncher</li>
+<li>StatusConfiguration</li>
 </ul>
-</td>
-</tr>
+<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>MaintainProcessorArchitectureOnUpdate</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>IsEnabled</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>OS/Mode</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[RootCATrustedCertificates CSP](rootcacertificates-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>UntrustedCertificates</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[NetworkProxy CSP](\networkproxy--csp.md)</td>
+<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<ul>
+<li>ProxySettingsPerUser</li>
+</ul>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[Accounts CSP](accounts-csp.md)</td>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[MDM Migration Analysis Too (MMAT)](https://aka.ms/mmat)</td>
+<td style="vertical-align:top"><p>Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.</p>
+</td></tr>
+<tr>
+<td style="vertical-align:top">[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)</td>
+<td style="vertical-align:top"><p>Added the DDF download of Windows 10, version 1803 configuration service providers.</p>
+</td></tr>
 </tbody>
 </table>
 
-## <a href="" id="whatsnew10"></a>What's new in Windows 10, version 1703
+## What’s new in MDM for Windows 10, version 1709
+
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Item</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="even">
+<td style="vertical-align:top">The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx)</td>
+<td style="vertical-align:top"><p>The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:</p>
+<ul>
+<li>UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. </li>
+<li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
+<li>DomainName - fully qualified domain name if the device is domain-joined.</li>
+</ul>
+<p>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.</p>
+</td></tr>
+<tr class="even">
+<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="even">
+<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md)</td>
+<td style="vertical-align:top">In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated.</td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
+<td style="vertical-align:top"><p>Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
+<ul>
+<li>DeviceStatus/DomainName</li>
+<li>DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq</li>
+<li>DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus</li>
+<li>DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus</li>
+</ul>
+</td></tr>
+<tr class="even">
+<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following setting in Windows 10, version 1709.</p>
+<ul>
+<li>Configuration</li>
+</ul>
+<p>Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
+<ul>
+<li>Provider/_ProviderID_/ConfigInfo</li>
+<li> Provider/_ProviderID_/EnrollmentInfo</li>
+</ul>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Office CSP](office-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following setting in Windows 10, version 1709:</p>
+<ul>
+<li>Installation/CurrentStatus</li>
+</ul>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
+<td style="vertical-align:top"><p>Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top"><p>Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies)</td>
+<td style="vertical-align:top"><p>Added new policies.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">Microsoft Store for Business and Microsoft Store</td>
+<td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.</p>
+</td></tr>
+<td style="vertical-align:top">[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)</td>
+<td style="vertical-align:top"><p>New features in the Settings app:</p>
+<ul>
+<li>User sees installation progress of critical policies during MDM enrollment.</li>
+<li>User knows what policies, profiles, apps MDM has configured</li>
+<li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
+</ul>
+<p>For details, see [Managing connection](mdm-enrollment-of-windows-devices.md#managing-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)</td>
+<td style="vertical-align:top"><p>Added new topic to introduce a new Group Policy for automatic MDM enrollment.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
+<ul>
+<li>Authentication/AllowAadPasswordReset</li>
+<li>Authentication/AllowFidoDeviceSignon</li>
+<li>Browser/LockdownFavorites</li>
+<li>Browser/ProvisionFavorites</li>
+<li>Cellular/LetAppsAccessCellularData</li>
+<li>Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</li>
+<li>Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</li>
+<li>Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</li>
+<li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
+<li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
+<li>DeviceGuard/RequirePlatformSecurityFeatures</li>
+<li>DeviceGuard/LsaCfgFlags</li>
+<li>DeviceLock/MinimumPasswordAge</li>
+<li>ExploitGuard/ExploitProtectionSettings</li>
+<li>Games/AllowAdvancedGamingServices</li>
+<li>Handwriting/PanelDefaultModeDocked</li>
+<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
+<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
+<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li>
+<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li>
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</li>
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</li>
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</li>
+<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</li>
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li>
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li>
+<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
+<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
+<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</li>
+<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</li>
+<li>Power/DisplayOffTimeoutOnBattery</li>
+<li>Power/DisplayOffTimeoutPluggedIn</li>
+<li>Power/HibernateTimeoutOnBattery</li>
+<li>Power/HibernateTimeoutPluggedIn</li>
+<li>Power/StandbyTimeoutOnBattery</li>
+<li>Power/StandbyTimeoutPluggedIn</li>
+<li>Privacy/EnableActivityFeed</li>
+<li>Privacy/PublishUserActivities</li>
+<li>Defender/AttackSurfaceReductionOnlyExclusions</li>
+<li>Defender/AttackSurfaceReductionRules</li>
+<li>Defender/CloudBlockLevel </li>
+<li>Defender/CloudExtendedTimeout</li>
+<li>Defender/ControlledFolderAccessAllowedApplications</li>
+<li>Defender/ControlledFolderAccessProtectedFolders</li>
+<li>Defender/EnableControlledFolderAccess</li>
+<li>Defender/EnableNetworkProtection</li>
+<li>Education/DefaultPrinterName</li>
+<li>Education/PreventAddingNewPrinters</li>
+<li>Education/PrinterNames</li>
+<li>Search/AllowCloudSearch</li>
+<li>Security/ClearTPMIfNotReady</li>
+<li>Settings/AllowOnlineTips</li>
+<li>Start/HidePeopleBar</li>
+<li>Storage/AllowDiskHealthModelUpdates</li>
+<li>System/DisableEnterpriseAuthProxy </li>
+<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
+<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li>
+<li>Update/DisableDualScan</li>
+<li>Update/ManagePreviewBuilds</li>
+<li>Update/ScheduledInstallEveryWeek</li>
+<li>Update/ScheduledInstallFirstWeek</li>
+<li>Update/ScheduledInstallFourthWeek</li>
+<li>Update/ScheduledInstallSecondWeek</li>
+<li>Update/ScheduledInstallThirdWeek</li>
+<li>WindowsDefenderSecurityCenter/CompanyName</li>
+<li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>
+<li>WindowsDefenderSecurityCenter/DisableEnhancedNotifications</li>
+<li>WindowsDefenderSecurityCenter/DisableFamilyUI</li>
+<li>WindowsDefenderSecurityCenter/DisableHealthUI</li>
+<li>WindowsDefenderSecurityCenter/DisableNetworkUI</li>
+<li>WindowsDefenderSecurityCenter/DisableNotifications</li>
+<li>WindowsDefenderSecurityCenter/DisableVirusUI</li>
+<li>WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</li>
+<li>WindowsDefenderSecurityCenter/Email</li>
+<li>WindowsDefenderSecurityCenter/EnableCustomizedToasts</li>
+<li>WindowsDefenderSecurityCenter/EnableInAppCustomization</li>
+<li>WindowsDefenderSecurityCenter/Phone</li>
+<li>WindowsDefenderSecurityCenter/URL</li>
+<li>WirelessDisplay/AllowMdnsAdvertisement</li>
+<li>WirelessDisplay/AllowMdnsDiscovery</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
+
+## What’s new in MDM for Windows 10, version 1703
 
 <table class="mx-tdBreakAll">
 <colgroup>
@@ -932,7 +1115,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </tbody>
 </table> 
 
-## <a href="" id="whatsnew1709"></a>What's new in Windows 10, version 1709
+
+## What’s new in MDM for Windows 10, version 1607
 
 <table class="mx-tdBreakAll">
 <colgroup>
@@ -946,439 +1130,304 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </tr>
 </thead>
 <tbody>
-<tr class="even">
-<td style="vertical-align:top">The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx)</td>
-<td style="vertical-align:top"><p>The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:</p>
-<ul>
-<li>UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. </li>
-<li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
-<li>DomainName - fully qualified domain name if the device is domain-joined.</li>
-</ul>
-<p>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.</p>
-</td></tr>
-<tr class="even">
-<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
-<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
-</td></tr>
-<tr class="even">
-<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
-<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
-</td></tr>
 <tr class="odd">
-<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
-<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+<td style="vertical-align:top"><p>Sideloading of apps</p></td>
+<td style="vertical-align:top"><p>Starting in Windows 10, version 1607, sideloading of apps is only allowed through [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). Product keys (5x5) will no longer be supported to enable sideloading on Windows 10, version 1607 devices.</p></td>
 </tr>
 <tr class="even">
-<td style="vertical-align:top">[CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md)</td>
-<td style="vertical-align:top">In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated.</td>
+<td style="vertical-align:top"><p>New value for [NodeCache CSP](nodecache-csp.md)</p></td>
+<td style="vertical-align:top"><p>In [NodeCache CSP](nodecache-csp.md), the value of NodeCache root node starting in Windows 10, version 1607 is com.microsoft/1.0/MDM/NodeCache.</p></td>
 </tr>
 <tr class="odd">
-<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
-<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+<td style="vertical-align:top">[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</td>
+<td style="vertical-align:top"><p>New CSP.</p></td>
 </tr>
 <tr class="even">
-<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
-<td style="vertical-align:top"><p>Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.</p>
-</td></tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Removed the following policies:</p>
+<ul>
+<li>DataProtection/AllowAzureRMSForEDP - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
+<li>DataProtection/AllowUserDecryption - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
+<li>DataProtection/EDPEnforcementLevel - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
+<li>DataProtection/RequireProtectionUnderLockConfig - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
+<li>DataProtection/RevokeOnUnenroll - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</li>
+<li>DataProtection/EnterpriseCloudResources - moved this policy to NetworkIsolation policy</li>
+<li>DataProtection/EnterpriseInternalProxyServers - moved this policy to NetworkIsolation policy</li>
+<li>DataProtection/EnterpriseIPRange - moved this policy to NetworkIsolation policy</li>
+<li>DataProtection/EnterpriseNetworkDomainNames - moved this policy to NetworkIsolation policy</li>
+<li>DataProtection/EnterpriseProxyServers - moved this policy to NetworkIsolation policy</li>
+<li>Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices - this policy has been deprecated.</li>
+</ul>
+<p>Added the <strong>WiFi/AllowManualWiFiConfiguration</strong> and <strong>WiFi/AllowWiFi</strong> policies for Windows 10, version 1607:</p>
+<ul>
+<li>Windows 10 Pro</li>
+<li>Windows 10 Enterprise</li>
+<li>Windows 10 Education</li>
+</ul>
+<p>Added the following new policies:</p>
+<ul>
+<li>AboveLock/AllowCortanaAboveLock</li>
+<li>ApplicationManagement/DisableStoreOriginatedApps</li>
+<li>Authentication/AllowSecondaryAuthenticationDevice</li>
+<li>Bluetooth/AllowPrepairing</li>
+<li>Browser/AllowExtensions</li>
+<li>Browser/PreventAccessToAboutFlagsInMicrosoftEdge</li>
+<li>Browser/ShowMessageWhenOpeningSitesInInternetExplorer</li>
+<li>DeliveryOptimization/DOAbsoluteMaxCacheSize</li>
+<li>DeliveryOptimization/DOMaxDownloadBandwidth</li>
+<li>DeliveryOptimization/DOMinBackgroundQoS</li>
+<li>DeliveryOptimization/DOModifyCacheDrive</li>
+<li>DeliveryOptimization/DOMonthlyUploadDataCap</li>
+<li>DeliveryOptimization/DOPercentageMaxDownloadBandwidth</li>
+<li>DeviceLock/EnforceLockScreenAndLogonImage</li>
+<li>DeviceLock/EnforceLockScreenProvider</li>
+<li>Defender/PUAProtection</li>
+<li>Experience/AllowThirdPartySuggestionsInWindowsSpotlight</li>
+<li>Experience/AllowWindowsSpotlight</li>
+<li>Experience/ConfigureWindowsSpotlightOnLockScreen</li>
+<li>Experience/DoNotShowFeedbackNotifications</li>
+<li>Licensing/AllowWindowsEntitlementActivation</li>
+<li>Licensing/DisallowKMSClientOnlineAVSValidation</li>
+<li>LockDown/AllowEdgeSwipe</li>
+<li>Maps/EnableOfflineMapsAutoUpdate</li>
+<li>Maps/AllowOfflineMapsDownloadOverMeteredConnection</li>
+<li>Messaging/AllowMessageSync</li>
+<li>NetworkIsolation/EnterpriseCloudResources</li>
+<li>NetworkIsolation/EnterpriseInternalProxyServers</li>
+<li>NetworkIsolation/EnterpriseIPRange</li>
+<li>NetworkIsolation/EnterpriseIPRangesAreAuthoritative</li>
+<li>NetworkIsolation/EnterpriseNetworkDomainNames</li>
+<li>NetworkIsolation/EnterpriseProxyServers</li>
+<li>NetworkIsolation/EnterpriseProxyServersAreAuthoritative</li>
+<li>NetworkIsolation/NeutralResources</li>
+<li>Notifications/DisallowNotificationMirroring</li>
+<li>Privacy/DisableAdvertisingId</li>
+<li>Privacy/LetAppsAccessAccountInfo</li>
+<li>Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessCalendar</li>
+<li>Privacy/LetAppsAccessCalendar_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessCalendar_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessCallHistory</li>
+<li>Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessCamera</li>
+<li>Privacy/LetAppsAccessCamera_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessCamera_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessCamera_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessContacts</li>
+<li>Privacy/LetAppsAccessContacts_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessContacts_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessContacts_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessEmail</li>
+<li>Privacy/LetAppsAccessEmail_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessEmail_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessEmail_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessLocation</li>
+<li>Privacy/LetAppsAccessLocation_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessLocation_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessLocation_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessMessaging</li>
+<li>Privacy/LetAppsAccessMessaging_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessMessaging_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessMicrophone</li>
+<li>Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessMotion</li>
+<li>Privacy/LetAppsAccessMotion_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessMotion_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessMotion_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessNotifications</li>
+<li>Privacy/LetAppsAccessNotifications_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessNotifications_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessPhone</li>
+<li>Privacy/LetAppsAccessPhone_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessPhone_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessPhone_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessRadios</li>
+<li>Privacy/LetAppsAccessRadios_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessRadios_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessRadios_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsAccessTrustedDevices</li>
+<li>Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps</li>
+<li>Privacy/LetAppsSyncWithDevices</li>
+<li>Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps</li>
+<li>Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps</li>
+<li>Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps</li>
+<li>Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</li>
+<li>Settings/AllowEditDeviceName</li>
+<li>Speech/AllowSpeechModelUpdate</li>
+<li>System/TelemetryProxy</li>
+<li>Update/ActiveHoursStart</li>
+<li>Update/ActiveHoursEnd</li>
+<li>Update/AllowMUUpdateService</li>
+<li>Update/BranchReadinessLevel</li>
+<li>Update/DeferFeatureUpdatesPeriodInDays</li>
+<li>Update/DeferQualityUpdatesPeriodInDays</li>
+<li>Update/ExcludeWUDriversInQualityUpdate</li>
+<li>Update/PauseFeatureUpdates</li>
+<li>Update/PauseQualityUpdates</li>
+<li>Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)</li>
+<li>WindowsInkWorkspace/AllowWindowsInkWorkspace</li>
+<li>WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</li>
+<li>WirelessDisplay/AllowProjectionToPC</li>
+<li>WirelessDisplay/RequirePinForPairing</li>
+</ul>
+<p>Updated the <strong>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts</strong> description to remove outdated information.</p>
+<p>Updated DeliveryOptimization/DODownloadMode to add new values.</p>
+<p>Updated Experience/AllowCortana description to clarify what each supported value does.</p>
+<p>Updated Security/AntiTheftMode description to clarify what each supported value does.</p></td>
+</tr>
 <tr class="odd">
-<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
+<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following settings:</p>
 <ul>
-<li>DeviceStatus/DomainName</li>
-<li>DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq</li>
-<li>DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus</li>
-<li>DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus</li>
+<li>ManagementServerAddressList</li>
+<li>AADDeviceID</li>
+<li>EnrollmentType</li>
+<li>HWDevID</li>
+<li>CommercialID</li>
 </ul>
-</td></tr>
-<tr class="even">
-<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following setting in Windows 10, version 1709.</p>
-<ul>
-<li>Configuration</li>
-</ul>
-<p>Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.</p>
-</td></tr>
+<p>Removed the EnrollmentID setting.</p></td>
+</tr>
 <tr class="odd">
 <td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following settings in Windows 10, version 1709:</p>
-<ul>
-<li>Provider/_ProviderID_/ConfigInfo</li>
-<li> Provider/_ProviderID_/EnrollmentInfo</li>
-</ul>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[Office CSP](office-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following setting in Windows 10, version 1709:</p>
-<ul>
-<li>Installation/CurrentStatus</li>
-</ul>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
-<td style="vertical-align:top"><p>Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies)</td>
-<td style="vertical-align:top"><p>Added new policies.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">Microsoft Store for Business and Microsoft Store</td>
-<td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.</p>
-</td></tr>
-<td style="vertical-align:top">[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)</td>
-<td style="vertical-align:top"><p>New features in the Settings app:</p>
-<ul>
-<li>User sees installation progress of critical policies during MDM enrollment.</li>
-<li>User knows what policies, profiles, apps MDM has configured</li>
-<li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
-</ul>
-<p>For details, see [Managing connection](mdm-enrollment-of-windows-devices.md#managing-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)</td>
-<td style="vertical-align:top"><p>Added new topic to introduce a new Group Policy for automatic MDM enrollment.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
-<ul>
-<li>Authentication/AllowAadPasswordReset</li>
-<li>Authentication/AllowFidoDeviceSignon</li>
-<li>Browser/LockdownFavorites</li>
-<li>Browser/ProvisionFavorites</li>
-<li>Cellular/LetAppsAccessCellularData</li>
-<li>Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</li>
-<li>Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</li>
-<li>Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</li>
-<li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
-<li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
-<li>DeviceGuard/RequirePlatformSecurityFeatures</li>
-<li>DeviceGuard/LsaCfgFlags</li>
-<li>DeviceLock/MinimumPasswordAge</li>
-<li>ExploitGuard/ExploitProtectionSettings</li>
-<li>Games/AllowAdvancedGamingServices</li>
-<li>Handwriting/PanelDefaultModeDocked</li>
-<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
-<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
-<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
-<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
-<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li>
-<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li>
-<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</li>
-<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</li>
-<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</li>
-<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</li>
-<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li>
-<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li>
-<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
-<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
-<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</li>
-<li>Power/DisplayOffTimeoutOnBattery</li>
-<li>Power/DisplayOffTimeoutPluggedIn</li>
-<li>Power/HibernateTimeoutOnBattery</li>
-<li>Power/HibernateTimeoutPluggedIn</li>
-<li>Power/StandbyTimeoutOnBattery</li>
-<li>Power/StandbyTimeoutPluggedIn</li>
-<li>Privacy/EnableActivityFeed</li>
-<li>Privacy/PublishUserActivities</li>
-<li>Defender/AttackSurfaceReductionOnlyExclusions</li>
-<li>Defender/AttackSurfaceReductionRules</li>
-<li>Defender/CloudBlockLevel </li>
-<li>Defender/CloudExtendedTimeout</li>
-<li>Defender/ControlledFolderAccessAllowedApplications</li>
-<li>Defender/ControlledFolderAccessProtectedFolders</li>
-<li>Defender/EnableControlledFolderAccess</li>
-<li>Defender/EnableNetworkProtection</li>
-<li>Education/DefaultPrinterName</li>
-<li>Education/PreventAddingNewPrinters</li>
-<li>Education/PrinterNames</li>
-<li>Search/AllowCloudSearch</li>
-<li>Security/ClearTPMIfNotReady</li>
-<li>Settings/AllowOnlineTips</li>
-<li>Start/HidePeopleBar</li>
-<li>Storage/AllowDiskHealthModelUpdates</li>
-<li>System/DisableEnterpriseAuthProxy </li>
-<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
-<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li>
-<li>Update/DisableDualScan</li>
-<li>Update/ManagePreviewBuilds</li>
-<li>Update/ScheduledInstallEveryWeek</li>
-<li>Update/ScheduledInstallFirstWeek</li>
-<li>Update/ScheduledInstallFourthWeek</li>
-<li>Update/ScheduledInstallSecondWeek</li>
-<li>Update/ScheduledInstallThirdWeek</li>
-<li>WindowsDefenderSecurityCenter/CompanyName</li>
-<li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>
-<li>WindowsDefenderSecurityCenter/DisableEnhancedNotifications</li>
-<li>WindowsDefenderSecurityCenter/DisableFamilyUI</li>
-<li>WindowsDefenderSecurityCenter/DisableHealthUI</li>
-<li>WindowsDefenderSecurityCenter/DisableNetworkUI</li>
-<li>WindowsDefenderSecurityCenter/DisableNotifications</li>
-<li>WindowsDefenderSecurityCenter/DisableVirusUI</li>
-<li>WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</li>
-<li>WindowsDefenderSecurityCenter/Email</li>
-<li>WindowsDefenderSecurityCenter/EnableCustomizedToasts</li>
-<li>WindowsDefenderSecurityCenter/EnableInAppCustomization</li>
-<li>WindowsDefenderSecurityCenter/Phone</li>
-<li>WindowsDefenderSecurityCenter/URL</li>
-<li>WirelessDisplay/AllowMdnsAdvertisement</li>
-<li>WirelessDisplay/AllowMdnsDiscovery</li>
-</ul>
-</td></tr>
-</tbody>
-</table>
-
-## <a href="" id="whatsnew1803"></a>What's new in Windows 10, version 1803
-
-<table class="mx-tdBreakAll">
-<colgroup>
-<col width="25%" />
-<col width="75%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>New or updated topic</th>
-<th>Description</th>
+<td style="vertical-align:top"><p>New CSP.</p></td>
 </tr>
-</thead>
-<tbody>
-<tr>
-<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
+<tr class="even">
+<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following new settings:</p>
 <ul>
-<li>ApplicationDefaults/EnableAppUriHandlers</li>
-<li>ApplicationManagement/MSIAllowUserControlOverInstall</li>
-<li>ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges</li>
-<li>Bluetooth/AllowPromptedProximalConnections</li>
-<li>Browser/AllowConfigurationUpdateForBooksLibrary</li>
-<li>Browser/AlwaysEnableBooksLibrary</li>
-<li>Browser/EnableExtendedBooksTelemetry</li>
-<li>Browser/UseSharedFolderForBooks</li>
-<li>Connectivity/AllowPhonePCLinking</li>
-<li>DeliveryOptimization/DODelayBackgroundDownloadFromHttp</li>
-<li>DeliveryOptimization/DODelayForegroundDownloadFromHttp</li>
-<li>DeliveryOptimization/DOGroupIdSource</li>
-<li>DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth</li>
-<li>DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth</li>
-<li>DeliveryOptimization/DORestrictPeerSelectionBy</li>
-<li>DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth</li>
-<li>DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth</li>
-<li>Display/DisablePerProcessDpiForApps</li>
-<li>Display/EnablePerProcessDpi</li>
-<li>Display/EnablePerProcessDpiForApps</li>
-<li>Experience/AllowWindowsSpotlightOnSettings</li>
-<li>KioskBrowser/BlockedUrlExceptions</li>
-<li>KioskBrowser/BlockedUrls</li>
-<li>KioskBrowser/DefaultURL</li>
-<li>KioskBrowser/EnableEndSessionButton</li>
-<li>KioskBrowser/EnableHomeButton</li>
-<li>KioskBrowser/EnableNavigationButtons</li>
-<li>KioskBrowser/RestartOnIdleTime</li>
-<li>LanmanWorkstation/EnableInsecureGuestLogons</li>
-<li>LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon</li>
-<li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li>
-<li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li>
-<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li>
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
-<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
-<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
-<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li>
-<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li>
-<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li>
-<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</li>
-<li>LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees</li>
-<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts</li>
-<li>LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares</li>
-<li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares</li>
-<li>LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
-<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li>
-<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li>
-<li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li>
-<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
-<li>Notifications/DisallowCloudNotification</li>
-<li>RestrictedGroups/ConfigureGroupMembership</li>
-<li>Search/AllowCortanaInAAD</li>
-<li>Search/DoNotUseWebResults</li>
-<li>Security/ConfigureWindowsPasswords</li>
-<li>Start/DisableContextMenus</li>
-<li>System/FeedbackHubAlwaysSaveDiagnosticsLocally</li>
-<li>SystemServices/ConfigureHomeGroupListenerServiceStartupMode</li>
-<li>SystemServices/ConfigureHomeGroupProviderServiceStartupMode</li>
-<li>SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode</li>
-<li>SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode</li>
-<li>SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode</li>
-<li>SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</li>
-<li>TaskScheduler/EnableXboxGameSaveTask</li>
-<li>TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode</li>
-<li>TextInput/ForceTouchKeyboardDockedState</li>
-<li>TextInput/TouchKeyboardDictationButtonAvailability</li>
-<li>TextInput/TouchKeyboardEmojiButtonAvailability</li>
-<li>TextInput/TouchKeyboardFullModeAvailability</li>
-<li>TextInput/TouchKeyboardHandwritingModeAvailability</li>
-<li>TextInput/TouchKeyboardNarrowModeAvailability</li>
-<li>TextInput/TouchKeyboardSplitModeAvailability</li>
-<li>TextInput/TouchKeyboardWideModeAvailability</li>
-<li>Update/ConfigureFeatureUpdateUninstallPeriod</li>
-<li>UserRights/AccessCredentialManagerAsTrustedCaller</li>
-<li>UserRights/AccessFromNetwork</li>
-<li>UserRights/ActAsPartOfTheOperatingSystem</li>
-<li>UserRights/AllowLocalLogOn</li>
-<li>UserRights/BackupFilesAndDirectories</li>
-<li>UserRights/ChangeSystemTime</li>
-<li>UserRights/CreateGlobalObjects</li>
-<li>UserRights/CreatePageFile</li>
-<li>UserRights/CreatePermanentSharedObjects</li>
-<li>UserRights/CreateSymbolicLinks</li>
-<li>UserRights/CreateToken</li>
-<li>UserRights/DebugPrograms</li>
-<li>UserRights/DenyAccessFromNetwork</li>
-<li>UserRights/DenyLocalLogOn</li>
-<li>UserRights/DenyRemoteDesktopServicesLogOn</li>
-<li>UserRights/EnableDelegation</li>
-<li>UserRights/GenerateSecurityAudits</li>
-<li>UserRights/ImpersonateClient</li>
-<li>UserRights/IncreaseSchedulingPriority</li>
-<li>UserRights/LoadUnloadDeviceDrivers</li>
-<li>UserRights/LockMemory</li>
-<li>UserRights/ManageAuditingAndSecurityLog</li>
-<li>UserRights/ManageVolume</li>
-<li>UserRights/ModifyFirmwareEnvironment</li>
-<li>UserRights/ModifyObjectLabel</li>
-<li>UserRights/ProfileSingleProcess</li>
-<li>UserRights/RemoteShutdown</li>
-<li>UserRights/RestoreFilesAndDirectories</li>
-<li>UserRights/TakeOwnership</li>
-<li>WindowsDefenderSecurityCenter/DisableAccountProtectionUI</li>
-<li>WindowsDefenderSecurityCenter/DisableDeviceSecurityUI</li>
-<li>WindowsDefenderSecurityCenter/HideRansomwareDataRecovery</li>
-<li>WindowsDefenderSecurityCenter/HideSecureBoot</li>
-<li>WindowsDefenderSecurityCenter/HideTPMTroubleshooting</li>
-</ul>
-<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
+<li>DeviceStatus/TPM/SpecificationVersion</li>
+<li>DeviceStatus/OS/Edition</li>
+<li>DeviceStatus/Antivirus/SignatureStatus</li>
+<li>DeviceStatus/Antivirus/Status</li>
+<li>DeviceStatus/Antispyware/SignatureStatus</li>
+<li>DeviceStatus/Antispyware/Status</li>
+<li>DeviceStatus/Firewall/Status</li>
+<li>DeviceStatus/UAC/Status</li>
+<li>DeviceStatus/Battery/Status</li>
+<li>DeviceStatus/Battery/EstimatedChargeRemaining</li>
+<li>DeviceStatus/Battery/EstimatedRuntime</li>
+</ul></td>
 </tr>
 <tr class="odd">
-<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
-<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
-<ul>
-<li>AADSendDeviceToken</li>
-<li>BlockInStatusPage</li>
-<li>AllowCollectLogsButton</li>
-<li>CustomErrorText</li>
-<li>SkipDeviceStatusPage</li>
-<li>SkipUserStatusPage</li>
-</ul>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
-<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
-</td></tr>
-<tr class="odd">
-<td style="vertical-align:top">[Update CSP](update-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
-<ul>
-<li>Rollback</li>
-<li>Rollback/FeatureUpdate</li>
-<li>Rollback/QualityUpdateStatus</li>
-<li>Rollback/FeatureUpdateStatus</li>
-</ul>
-</td></tr>
-<tr class="odd">
 <td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
-<ul>
-<li>Status</li>
-<li>ShellLauncher</li>
-<li>StatusConfiguration</li>
-</ul>
-<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.</p>
-</td></tr>
+<td style="vertical-align:top"><p>Added SyncML examples.</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)</td>
+<td style="vertical-align:top"><ul>
+<li>Added a new Folder table entry in the AssignedAccess/AssignedAccessXml description.</li>
+<li>Updated the DDF and XSD file sections.</li>
+</ul></td>
+</tr>
 <tr class="odd">
-<td style="vertical-align:top">[MultiSIM CSP](multisim-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
-</td></tr>
+<td style="vertical-align:top">[SecureAssessment CSP](secureassessment-csp.md)</td>
+<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[DiagnosticLog CSP](diagnosticlog-csp.md)
+<p>[DiagnosticLog DDF](diagnosticlog-ddf.md)</p></td>
+<td style="vertical-align:top"><p>Added version 1.3 of the CSP with two new settings. Added the new 1.3 version of the DDF. Added the following new settings in Windows 10, version 1607.</p>
+<ul>
+<li>DeviceStateData</li>
+<li>DeviceStateData/MdmConfiguration</li>
+</ul></td>
+</tr>
 <tr class="odd">
-<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<td style="vertical-align:top">[Reboot CSP](reboot-csp.md)</td>
+<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md)</td>
+<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following settings for Windows 10, version 1607</p>
 <ul>
-<li>MaintainProcessorArchitectureOnUpdate</li>
-</ul>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<li><em>ProfileName</em>/RouteList/routeRowId/ExclusionRoute</li>
+<li><em>ProfileName</em>/DomainNameInformationList/<em>dniRowId</em>/AutoTrigger</li>
+<li><em>ProfileName</em>/DomainNameInformationList/dniRowId/Persistent</li>
+<li><em>ProfileName</em>/ProfileXML</li>
+<li><em>ProfileName</em>/DeviceCompliance/Enabled</li>
+<li><em>ProfileName</em>/DeviceCompliance/Sso</li>
+<li><em>ProfileName</em>/DeviceCompliance/Sso/Enabled</li>
+<li><em>ProfileName</em>/DeviceCompliance/Sso/IssuerHash</li>
+<li><em>ProfileName</em>/DeviceCompliance/Sso/Eku</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite/AuthenticationTransformConstants</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite/CipherTransformConstants</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite/EncryptionMethod</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite/IntegrityCheckMethod</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite/DHGroup</li>
+<li><em>ProfileName</em>/NativeProfile/CryptographySuite/PfsGroup</li>
+<li><em>ProfileName</em>/NativeProfile/L2tpPsk</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[Win32AppInventory CSP](win32appinventory-csp.md)
+<p>[Win32AppInventory DDF](win32appinventory-ddf-file.md)</p></td>
+<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607.</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[SharedPC CSP](sharedpc-csp.md)</td>
+<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607.</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)</td>
+<td style="vertical-align:top"><p>New CSP for Windows 10, version 1607.</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/hardware/dn905224)</td>
+<td style="vertical-align:top"><p>Added new classes for Windows 10, version 1607.</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)</td>
+<td style="vertical-align:top"><p>Topic renamed from &quot;Enrollment UI&quot;.</p>
+<p>Completely updated enrollment procedures and screenshots.</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
+<p>[UnifiedWriteFilter DDF File](unifiedwritefilter-ddf.md)</p></td>
+<td style="vertical-align:top"><p>Added the following new setting for Windows 10, version 1607:</p>
 <ul>
-<li>IsEnabled</li>
-</ul>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<li>NextSession/HORMEnabled</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[CertificateStore CSP](certificatestore-csp.md)
+<p>[CertificateStore DDF file](certificatestore-ddf-file.md)</p></td>
+<td style="vertical-align:top"><p>Added the following new settings in Windows 10, version 1607:</p>
 <ul>
-<li>OS/Mode</li>
-</ul>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[RootCATrustedCertificates CSP](rootcacertificates-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
+<li>My/WSTEP/Renew/LastRenewalAttemptTime</li>
+<li>My/WSTEP/Renew/RenewNow</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>[WindowsLicensing CSP](windowslicensing-csp.md)</p></td>
+<td style="vertical-align:top"><p>Added the following new node and settings in Windows 10, version 1607, but not documented:</p>
 <ul>
-<li>UntrustedCertificates</li>
+<li>Subscriptions</li>
+<li>Subscriptions/SubscriptionId</li>
+<li>Subscriptions/SubscriptionId/Status</li>
+<li>Subscriptions/SubscriptionId/Name</li>
 </ul>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[NetworkProxy CSP](\networkproxy--csp.md)</td>
-<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
-<ul>
-<li>ProxySettingsPerUser</li>
-</ul>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[Accounts CSP](accounts-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[MDM Migration Analysis Too (MMAT)](https://aka.ms/mmat)</td>
-<td style="vertical-align:top"><p>Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)</td>
-<td style="vertical-align:top"><p>Added the DDF download of Windows 10, version 1803 configuration service providers.</p>
-</td></tr>
+</td>
+</tr>
 </tbody>
 </table>
 
-## <a href="" id="whatsnew1809"></a>What's new in Windows 10, version 1809
+## What’s new in MDM for Windows 10, version 1511
 
 <table class="mx-tdBreakAll">
 <colgroup>
@@ -1387,175 +1436,173 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </colgroup>
 <thead>
 <tr class="header">
-<th>New or updated topic</th>
+<th>Item</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
-<tr>
-<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies in Windows 10, version 1809:</p>
+<tr class="odd">
+<td style="vertical-align:top"><p>New configuration service providers added in Windows 10, version 1511</p></td>
+<td style="vertical-align:top"><ul>
+<li>[AllJoynManagement CSP](alljoynmanagement-csp.md)</li>
+<li>[Maps CSP](maps-csp.md)</li>
+<li>[Reporting CSP](reporting-csp.md)</li>
+<li>[SurfaceHub CSP](surfacehub-csp.md)</li>
+<li>[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>New and updated policies in Policy CSP</p></td>
+<td style="vertical-align:top"><p>The following policies have been added to the [Policy CSP](policy-configuration-service-provider.md):</p>
 <ul>
-<li>ApplicationManagement/LaunchAppAfterLogOn</li>
-<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
-<li>Authentication/EnableFastFirstSignIn</li>
-<li>Authentication/EnableWebSignIn</li>
-<li>Authentication/PreferredAadTenantDomainName</li>
-<li>Browser/AllowFullScreenMode</li>
-<li>Browser/AllowPrelaunch</li>
-<li>Browser/AllowPrinting</li>
-<li>Browser/AllowSavingHistory</li>
-<li>Browser/AllowSideloadingOfExtensions</li>
-<li>Browser/AllowTabPreloading</li>
-<li>Browser/AllowWebContentOnNewTabPage</li>
-<li>Browser/ConfigureFavoritesBar</li>
-<li>Browser/ConfigureHomeButton</li>
-<li>Browser/ConfigureKioskMode</li>
-<li>Browser/ConfigureKioskResetAfterIdleTimeout</li>
-<li>Browser/ConfigureOpenMicrosoftEdgeWith</li>
-<li>Browser/ConfigureTelemetryForMicrosoft365Analytics</li>
-<li>Browser/PreventCertErrorOverrides</li>
-<li>Browser/SetHomeButtonURL</li>
-<li>Browser/SetNewTabPageURL</li>
-<li>Browser/UnlockHomeButton</li>
-<li>Defender/CheckForSignaturesBeforeRunningScan</li>
-<li>Defender/DisableCatchupFullScan </li>
-<li>Defender/DisableCatchupQuickScan </li>
-<li>Defender/EnableLowCPUPriority</li>
-<li>Defender/SignatureUpdateFallbackOrder</li>
-<li>Defender/SignatureUpdateFileSharesSources</li>
-<li>DeviceGuard/ConfigureSystemGuardLaunch</li>
-<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
-<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
-<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>
-<li>DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</li>
-<li>DmaGuard/DeviceEnumerationPolicy</li>
-<li>Experience/AllowClipboardHistory</li>
-<li>Experience/DoNotSyncBrowserSettings</li>
-<li>Experience/PreventUsersFromTurningOnBrowserSyncing</li>
-<li>Kerberos/UPNNameHints</li>
-<li>Privacy/AllowCrossDeviceClipboard</li>
-<li>Privacy/DisablePrivacyExperience</li>
-<li>Privacy/UploadUserActivities</li>
-<li>Security/RecoveryEnvironmentAuthentication</li>
-<li>System/AllowDeviceNameInDiagnosticData</li>
-<li>System/ConfigureMicrosoft365UploadEndpoint</li>
-<li>System/DisableDeviceDelete</li>
-<li>System/DisableDiagnosticDataViewer</li>
-<li>Storage/RemovableDiskDenyWriteAccess</li>
-<li>TaskManager/AllowEndTask</li>
-<li>Update/EngagedRestartDeadlineForFeatureUpdates</li>
-<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates</li>
-<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
-<li>Update/SetDisablePauseUXAccess</li>
-<li>Update/SetDisableUXWUAccess</li>
-<li>WindowsDefenderSecurityCenter/DisableClearTpmButton</li>
-<li>WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</li>
-<li>WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</li>
-<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
+<li>Accounts/DomainNamesForEmailSync</li>
+<li>ApplicationManagement/AllowWindowsBridgeForAndroidAppsExecution</li>
+<li>Bluetooth/ServicesAllowedList</li>
+<li>DataProtection/AllowAzureRMSForEDP</li>
+<li>DataProtection/RevokeOnUnenroll</li>
+<li>DeviceLock/DevicePasswordExpiration</li>
+<li>DeviceLock/DevicePasswordHistory</li>
+<li>TextInput/AllowInputPanel</li>
+<li>Update/PauseDeferrals</li>
+<li>Update/RequireDeferUpdate</li>
+<li>Update/RequireUpdateApproval</li>
 </ul>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[PassportForWork  CSP](passportforwork-csp.md)</td>
-<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[EnterpriseModernAppManagement  CSP](enterprisemodernappmanagement-csp.md)</td>
-<td style="vertical-align:top"><p>Added NonRemovable setting under AppManagement node in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[Win32CompatibilityAppraiser  CSP](win32compatibilityappraiser-csp.md)</td>
-<td style="vertical-align:top"><p>Added new configuration service provider in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[WindowsLicensing  CSP](windowslicensing-csp.md)</td>
-<td style="vertical-align:top"><p>Added S mode settings and SyncML examples in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[SUPL CSP](supl-csp.md)</td>
-<td style="vertical-align:top"><p>Added 3 new certificate nodes in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node Health/ProductStatus in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[DevDetail CSP](devdetail-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
-<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
-<td style="vertical-align:top"><p>Added new settings in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[TenantLockdown CSP](tenantlockdown-csp.md)</td>
-<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1809.</p>
-</td></tr>
-<tr>
-<td style="vertical-align:top">[Office CSP](office-csp.md)</td>
-<td style="vertical-align:top"><p>Added FinalStatus setting in Windows 10, version 1809.</p>
-</td></tr>
+<p>The following policies have been updated in the Policy CSP:</p>
+<ul>
+<li>System/AllowLocation</li>
+<li>Update/RequireDeferUpgrade</li>
+</ul>
+<p>The following policies have been deprecated in the Policy CSP:</p>
+<ul>
+<li>TextInput/AllowKoreanExtendedHanja</li>
+<li>WiFi/AllowWiFiHotSpotReporting</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>Management tool for the Micosoft Store for Business</p></td>
+<td style="vertical-align:top"><p>New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>Custom header for generic alert</p></td>
+<td style="vertical-align:top"><p>The MDM-GenericAlert is a new custom header that hosts one or more alert information provided in the http messages sent by the device to the server during an OMA DM session. The generic alert is sent if the session is triggered by the device due to one or more critical or fatal alerts. Here is alert format:</p>
+<code>MDM-GenericAlert: &lt;AlertType1&gt;&lt;AlertType2&gt;</code>
+<p>If present, the MDM-GenericAlert is presented in every the outgoing MDM message in the same OMA DM session. For more information about generic alerts, see section 8.7 in the OMA Device Management Protocol, Approved Version 1.2.1 in this [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>Alert message for slow client response</p></td>
+<td style="vertical-align:top"><p>When the MDM server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.</p>
+<p>To work around the timeout, you can use EnableOmaDmKeepAliveMessage setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. For details, see EnableOmaDmKeepAliveMessage node in the [DMClient CSP](dmclient-csp.md).</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>New node in DMClient CSP</p></td>
+<td style="vertical-align:top"><p>Added a new node EnableOmaDmKeepAliveMessage to the [DMClient CSP](dmclient-csp.md) and updated the ManagementServerAddress to indicate that it can contain a list of URLs.</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>New nodes in EnterpriseModernAppManagement CSP</p></td>
+<td style="vertical-align:top"><p>Added the following nodes to the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md):</p>
+<ul>
+<li>AppManagement/GetInventoryQuery</li>
+<li>AppManagement/GetInventoryResults</li>
+<li>.../<em>PackageFamilyName</em>/AppSettingPolicy/<em>SettingValue</em></li>
+<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/LicenseCategory</li>
+<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/LicenseUsage</li>
+<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/RequesterID</li>
+<li>AppLicenses/StoreLicenses/<em>LicenseID</em>/GetLicenseFromStore</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>New nodes in EnterpriseExt CSP</p></td>
+<td style="vertical-align:top"><p>Added the following nodes to the [EnterpriseExt CSP](enterpriseext-csp.md):</p>
+<ul>
+<li>DeviceCustomData (CustomID, CustomeString)</li>
+<li>Brightness (Default, MaxAuto)</li>
+<li>LedAlertNotification (State, Intensity, Period, DutyCycle, Cyclecount)</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>New node in EnterpriseExtFileSystem CSP</p></td>
+<td style="vertical-align:top"><p>Added OemProfile node to [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md).</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>New nodes in PassportForWork CSP</p></td>
+<td style="vertical-align:top"><p>Added the following nodes to [PassportForWork CSP](passportforwork-csp.md):</p>
+<ul>
+<li>TenantId/Policies/PINComplexity/History</li>
+<li>TenantId/Policies/PINComplexity/Expiration</li>
+<li>TenantId/Policies/Remote/UseRemotePassport (only for ./Device/Vendor/MSFT)</li>
+<li>Biometrics/UseBiometrics (only for ./Device/Vendor/MSFT)</li>
+<li>Biometrics/FacialFeaturesUseEnhancedAntiSpoofing (only for ./Device/Vendor/MSFT)</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>Updated EnterpriseAssignedAccess CSP</p></td>
+<td style="vertical-align:top"><p>Here are the changes to the [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md):</p>
+<ul>
+<li>In AssignedAccessXML node, added new page settings and quick action settings.</li>
+<li>In AssignedAccessXML node, added an example about how to pin applications in multiple app packages using the AUMID.</li>
+<li>Updated the [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) topic.</li>
+</ul></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>New nodes in the DevDetail CSP</p></td>
+<td style="vertical-align:top"><p>Here are the changes to the [DevDetail CSP](devdetail-csp.md):</p>
+<ul>
+<li>Added TotalStore and TotalRAM settings.</li>
+<li>Added support for Replace command for the DeviceName setting.</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>Handling large objects</p></td>
+<td style="vertical-align:top"><p>Added support for the client to handle uploading of large objects to the server.</p></td>
+</tr>
 </tbody>
 </table>
 
-
 ## Breaking changes and known issues
 
-### <a href="" id="getcommand"></a>Get command inside an atomic command is not supported
+### Get command inside an atomic command is not supported
 
 In Windows 10, a Get command inside an atomic command is not supported. This was allowed in Windows Phone 8 and Windows Phone 8.1.
 
-### <a href="" id="notification"></a>Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
+### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
 
 During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret.
 
 After upgrading to Windows 10, you should call MDM\_WNSConfiguration class to recreate the notification channel URI.
 
-### <a href="" id="appsnotremoved"></a>Apps installed using WMI classes are not removed
+### Apps installed using WMI classes are not removed
 
 Applications installed using WMI classes are not removed when the MDM account is removed from device.
 
-### <a href="" id="cdata"></a>Passing CDATA in SyncML does not work
+### Passing CDATA in SyncML does not work
 
 Passing CDATA in data in SyncML to ConfigManager and CSPs does not work in Windows 10. It worked in Windows Phone 8.
 
-### <a href="" id="sslsettings"></a>SSL settings in IIS server for SCEP must be set to "Ignore"
+### SSL settings in IIS server for SCEP must be set to "Ignore"
 
 The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10. In Windows Phone 8.1, when you set the client certificate to "Accept," it works fine.
 
 ![ssl settings](images/ssl-settings.png)
 
-### <a href="" id="enrollmentviaproxy"></a>MDM enrollment fails on the mobile device when traffic is going through proxy
+### MDM enrollment fails on the mobile device when traffic is going through proxy
 
 When the mobile device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that does not require authentication or remove the proxy setting from the connected network.
 
-### <a href="" id="unenrollment"></a>Server-initiated unenrollment failure
+### Server-initiated unenrollment failure
 
 Server-initiated unenrollment for a device enrolled by adding a work account silently fails leaving the MDM account active. MDM policies and resources are still in place and the client can continue to sync with the server.
 
 Remote server unenrollment is disabled for mobile devices enrolled via Azure Active Directory Join. It returns an error message to the server. The only way to remove enrollment for a mobile device that is Azure AD joined is by remotely wiping the device.
 
-### <a href="" id="certissues"></a>Certificates causing issues with Wi-Fi and VPN
+### Certificates causing issues with Wi-Fi and VPN
 
 Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
 
-### <a href="" id="versioninformation"></a>Version information for mobile devices
+### Version information for mobile devices
 
 The software version information from **DevDetail/SwV** does not match the version in **Settings** under **System/About**.
 
-### <a href="" id="whitelist"></a>Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues
+### Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues
 
 -   When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile using ApplicationRestrictions with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.
 
@@ -1575,7 +1622,7 @@ The software version information from **DevDetail/SwV** does not match the versi
 
     No workaround is available at this time. An OS update to fix this issue is coming soon.
 
-### <a href="" id="frameworks"></a>Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218
+### Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218
 
 Applies only to phone prior to build 10586.218: When ApplicationManagement/ApplicationRestrictions policy is deployed to Windows 10 Mobile, installation and update of apps dependent on Microsoft Frameworks may get blocked with error 0x80073CF9. To work around this issue, you must include the Microsoft Framework Id to your list of allowed apps.
 
@@ -1583,7 +1630,7 @@ Applies only to phone prior to build 10586.218: When ApplicationManagement/Appli
 <App ProductId="{00000000-0000-0000-0000-000000000000}" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"/>
 ```
 
-### <a href="" id="wificertissue"></a>Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
+### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile
 
 In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
 
@@ -1756,26 +1803,49 @@ Alternatively you can use the following procedure to create an EAP Configuration
 >You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx) topic.
 
 
-### <a href="" id="remote"></a>Remote PIN reset not supported in Azure Active Directory joined mobile devices
+### Remote PIN reset not supported in Azure Active Directory joined mobile devices
 
 In Windows 10 Mobile, remote PIN reset in Azure AD joined devices are not supported. Devices are wiped when you issue a remote PIN reset command using the RemoteLock CSP.
 
-### <a href="" id="renewwns"></a>MDM client will immediately check-in with the MDM server after client renews WNS channel URI
+### MDM client will immediately check-in with the MDM server after client renews WNS channel URI
 
 Starting in Windows 10, after the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
 
-### <a href="" id="userprovisioning"></a>User provisioning failure in Azure Active Directory joined Windows 10 PC
+### User provisioning failure in Azure Active Directory joined Windows 10 PC
 
 In Azure AD joined Windows 10 PC, provisioning /.User resources fails when the user is not logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** &gt; **System** &gt; **About** user interface, make sure to log off and log on with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
 
-### <a href="" id="kerberos"></a>Requirements to note for VPN certificates also used for Kerberos Authentication
+### Requirements to note for VPN certificates also used for Kerberos Authentication
 
 If you want to use the certificate used for VPN authentication also for Kerberos authentication (required if you need access to on-premises resources using NTLM or Kerberos), the user's certificate must meet the requirements for smart card certificate, the Subject field should contain the DNS domain name in the DN or the SAN should contain a fully qualified UPN so that the DC can be located from the DNS registrations. If certificates that do not meet these requirements are used for VPN, users may fail to access resources that require Kerberos authentication. This issue primarily impacts Windows Phone.
 
-### <a href="" id="pushbuttonreset"></a>Device management agent for the push-button reset is not working
+### Device management agent for the push-button reset is not working
 
 The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/push-button-reset-overview) keeps the registry settings for OMA DM sessions, but deletes the task schedules. The client enrollment is retained, but it never syncs with the MDM service.
 
+## Frequently Asked Questions
+
+
+###**Can there be more than 1 MDM server to enroll and manage devices in Windows 10?**
+No. Only one MDM is allowed.
+
+###**How do I set the maximum number of Azure Active Directory joined devices per user?**
+1.  Login to the portal as tenant admin: https://manage.windowsazure.com.
+2.  Click Active Directory on the left pane.
+3.  Choose your tenant.
+4.  Click **Configure**.
+5.  Set quota to unlimited.
+
+    ![aad maximum joined devices](images/faq-max-devices.png)
+ 
+
+###**What is dmwappushsvc?**
+
+Entry | Description
+--------------- | --------------------
+What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
+What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. |
+How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to do this. |
 
 ## Change history in MDM documentation
 
@@ -1943,8 +2013,8 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <ul>
 <li>ApplicationManagement/LaunchAppAfterLogOn</li>
 <li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
-<li>Authentication/EnableFastFirstSignIn</li>
-<li>Authentication/EnableWebSignIn</li>
+<li>Authentication/EnableFastFirstSignIn (Preview mode only)</li>
+<li>Authentication/EnableWebSignIn (Preview mode only)</li>
 <li>Authentication/PreferredAadTenantDomainName</li>
 <li>Defender/CheckForSignaturesBeforeRunningScan</li>
 <li>Defender/DisableCatchupFullScan </li>
@@ -2676,8 +2746,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>ExploitGuard/ExploitProtectionSettings</li>
 <li>Games/AllowAdvancedGamingServices</li>
 <li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
-<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
-<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
 <li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
 <li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li>
 <li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li>
@@ -2720,35 +2788,3 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 </tbody>
 </table>
-
- 
-
-## FAQ
-
-
-<a href="" id="can-there-be-more-than-1-mdm-server-to-enroll-and-manage-devices-in--"></a>**Can there be more than 1 MDM server to enroll and manage devices in Windows 10?**
-No. Only one MDM is allowed.
-
-<a href="" id="how-do-i-set-the-maximum-number-of-azure-active-directory-joined-devices-per-user-"></a>**How do I set the maximum number of Azure Active Directory joined devices per user?**
-1.  Login to the portal as tenant admin: https://manage.windowsazure.com.
-2.  Click Active Directory on the left pane.
-3.  Choose your tenant.
-4.  Click **Configure**.
-5.  Set quota to unlimited.
-
-    ![aad maximum joined devices](images/faq-max-devices.png)
- 
-
-<a href="" id="dwmapppushsvc "></a>**What is dmwappushsvc?**
-
-Entry | Description
---------------- | --------------------
-What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
-What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. |
-How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to do this. |
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index 28bcf637f6..d04fa8b63b 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -30,7 +30,7 @@ The following diagram shows the NodeCache configuration service provider in tree
 ![nodecache csp](images/provisioning-csp-nodecache.png)
 
 <a href="" id="--device-vendor-msft"></a>**./Device/Vendor/MSFT and ./User/Vendor/MSFT**  
-Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax. Starting in Windows 10, version 1607 the value is com.microsoft/\<version\>/MDM/NodeCache.
+Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax.
 
 <a href="" id="providerid"></a>***ProviderID***  
 Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one *ProviderID* node under **NodeCache**. Scope is dynamic.
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 00d74b6472..bc3f8c600a 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,13 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 03/01/2019
+ms.date: 05/01/2019
 ---
 
 # Policy CSP
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
 
@@ -364,10 +364,10 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice" id="authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
   </dd>
   <dd>
-    <a href="./policy-csp-authentication.md#authentication-enablefastfirstsignin" id="authentication-enablefastfirstsignin">Authentication/EnableFastFirstSignIn</a>
+    <a href="./policy-csp-authentication.md#authentication-enablefastfirstsignin" id="authentication-enablefastfirstsignin">Authentication/EnableFastFirstSignIn</a> (Preview mode only)
   </dd>
   <dd>
-    <a href="./policy-csp-authentication.md#authentication-enablewebsignin" id="authentication-enablewebsignin">Authentication/EnableWebSignIn</a>
+    <a href="./policy-csp-authentication.md#authentication-enablewebsignin" id="authentication-enablewebsignin">Authentication/EnableWebSignIn</a> (Preview mode only)
   </dd>
   <dd>
     <a href="./policy-csp-authentication.md#authentication-preferredaadtenantdomainname" id="authentication-preferredaadtenantdomainname">Authentication/PreferredAadTenantDomainName</a>
@@ -913,6 +913,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp" id="deliveryoptimization-dodelayforegrounddownloadfromhttp">DeliveryOptimization/DODelayForegroundDownloadFromHttp</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground" id="deliveryoptimization-dodelaycacheserverfallbackbackground">DeliveryOptimization/DODelayCacheServerFallbackBackground</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground" id="deliveryoptimization-dodelaycacheserverfallbackforeground">DeliveryOptimization/DODelayCacheServerFallbackForeground</a>
+  </dd>
   <dd>
     <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode" id="deliveryoptimization-dodownloadmode">DeliveryOptimization/DODownloadMode</a>
   </dd>
@@ -1262,6 +1268,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing" id="experience-preventusersfromturningonbrowsersyncing">Experience/PreventUsersFromTurningOnBrowserSyncing</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-showlockonusertile" id="experience-showlockonusertile">Experience/ShowLockOnUserTile</a>
+  </dd>
 </dl>
 
 ### ExploitGuard policies
@@ -2116,12 +2125,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts" id="localpoliciessecurityoptions-accounts-blockmicrosoftaccounts">LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus" id="localpoliciessecurityoptions-accounts-enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</a>
-  </dd>
-  <dd>
-    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableguestaccountstatus" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
-  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
   </dd>
@@ -2413,6 +2416,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-power.md#power-displayofftimeoutpluggedin" id="power-displayofftimeoutpluggedin">Power/DisplayOffTimeoutPluggedIn</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-energysaverbatterythresholdonbattery"
+    id="power-energysaverbatterythresholdonbattery">Power/EnergySaverBatteryThresholdOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-energysaverbatterythresholdpluggedin"
+    id="power-energysaverbatterythresholdpluggedin">Power/EnergySaverBatteryThresholdPluggedIn</a>
+  </dd>
   <dd>
     <a href="./policy-csp-power.md#power-hibernatetimeoutonbattery" id="power-hibernatetimeoutonbattery">Power/HibernateTimeoutOnBattery</a>
   </dd>
@@ -2425,12 +2436,52 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin" id="power-requirepasswordwhencomputerwakespluggedin">Power/RequirePasswordWhenComputerWakesPluggedIn</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-selectlidcloseactiononbattery"
+    id="power-selectlidcloseactiononbattery">Power/SelectLidCloseActionOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-selectlidcloseactionpluggedin"
+    id="power-selectlidcloseactionpluggedin">Power/SelectLidCloseActionPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-selectpowerbuttonactiononbattery"
+    id="power-selectpowerbuttonactiononbattery">Power/SelectPowerButtonActionOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-selectpowerbuttonactionpluggedin"
+    id="power-selectpowerbuttonactionpluggedin">Power/SelectPowerButtonActionPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-selectsleepbuttonactiononbattery"
+    id="power-selectsleepbuttonactiononbattery">Power/SelectSleepButtonActionOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-selectsleepbuttonactionpluggedin"
+    id="power-selectsleepbuttonactionpluggedin">Power/SelectSleepButtonActionPluggedIn</a>
+  </dd>
   <dd>
     <a href="./policy-csp-power.md#power-standbytimeoutonbattery" id="power-standbytimeoutonbattery">Power/StandbyTimeoutOnBattery</a>
   </dd>
   <dd>
     <a href="./policy-csp-power.md#power-standbytimeoutpluggedin" id="power-standbytimeoutpluggedin">Power/StandbyTimeoutPluggedIn</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-turnoffhybridsleeponbattery"
+    id="power-turnoffhybridsleeponbattery">Power/TurnOffHybridSleepOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-turnoffhybridsleeppluggedin"
+    id="power-turnoffhybridsleeppluggedin">Power/TurnOffHybridSleepPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-unattendedsleeptimeoutonbattery"
+    id="power-unattendedsleeptimeoutonbattery">Power/UnattendedSleepTimeoutOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-unattendedsleeptimeoutpluggedin"
+    id="power-unattendedsleeptimeoutpluggedin">Power/UnattendedSleepTimeoutPluggedIn</a>
+  </dd>
 </dl>
 
 ### Printers policies
@@ -3101,7 +3152,7 @@ The following diagram shows the Policy configuration service provider in tree fo
     <a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
   </dd>
   <dd>
-    <a href="#./policy-csp-storage.mdstorage-removablediskdenywriteaccess" id="storage-removablediskdenywriteaccess">Storage/RemovableDiskDenyWriteAccess</a>
+    <a href="./policy-csp-storage.md#storage-removablediskdenywriteaccess" id="storage-removablediskdenywriteaccess">Storage/RemovableDiskDenyWriteAccess</a>
   </dd>
 </dl>
 
@@ -3111,6 +3162,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-system.md#system-allowbuildpreview" id="system-allowbuildpreview">System/AllowBuildPreview</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowcommercialdatapipeline" id="system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a>
+  </dd>
   <dd>
     <a href="./policy-csp-system.md#system-allowdevicenameindiagnosticdata" id="system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
   </dd>
@@ -3171,6 +3225,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-system.md#system-telemetryproxy" id="system-telemetryproxy">System/TelemetryProxy</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-turnofffilehistory" id="system-turnofffilehistory">System/TurnOffFileHistory</a>
+  </dd>
 </dl>
 
 ### SystemServices policies
@@ -3336,9 +3393,24 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-autorestartrequirednotificationdismissal" id="update-autorestartrequirednotificationdismissal">Update/AutoRestartRequiredNotificationDismissal</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-automaticmaintenancewakeup" id="update-automaticmaintenancewakeup">Update/AutomaticMaintenanceWakeUp</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-branchreadinesslevel" id="update-branchreadinesslevel">Update/BranchReadinessLevel</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-configuredeadlineforfeatureupdates" id="update-configuredeadlineforfeatureupdates">Update/ConfigureDeadlineForFeatureUpdates</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-configuredeadlineforqualityupdates" id="update-configuredeadlineforqualityupdates">Update/ConfigureDeadlineForQualityUpdates</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-configuredeadlinegraceperiod" id="update-configuredeadlinegraceperiod">Update/ConfigureDeadlineGracePeriod</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-configuredeadlinenoautoreboot" id="update-configuredeadlinenoautoreboot">Update/ConfigureDeadlineNoAutoReboot</a>
+  </dd>
   <dd>
     <a href="./policy-csp-update.md#update-configurefeatureupdateuninstallperiod" id="update-configurefeatureupdateuninstallperiod">Update/ConfigureFeatureUpdateUninstallPeriod</a>
   </dd>
@@ -3678,22 +3750,28 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### WindowsLogon policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon" id="windowslogon-allowautomaticrestartsignon">WindowsLogon/AllowAutomaticRestartSignOn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon" id="windowslogon-configautomaticrestartsignon">WindowsLogon/ConfigAutomaticRestartSignOn</a>
+  </dd>
   <dd>
     <a href="./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications" id="windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
   </dd>
   <dd>
     <a href="./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui" id="windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation" id="#windowslogon-enablefirstlogonanimation">WindowsLogon/EnableFirstLogonAnimation</a>
+  </dd>
   <dd>
     <a href="./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers" id="windowslogon-enumeratelocalusersondomainjoinedcomputers">WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers</a>
   </dd>
   <dd>
     <a href="./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching" id="windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart" id="windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart">WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart</a>
-  </dd>
-</dl>
+  </dl>
 
 ### WindowsPowerShell policies
 
@@ -4116,10 +4194,11 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
 -   [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
 -   [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
+-   [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
+-   [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
 -   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
 -   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
 -   [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
--   [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
 -   [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
 
 
@@ -4293,11 +4372,13 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
 -   [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
 -   [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
--   [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
+ [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
 -   [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
 -   [DeliveryOptimization/DOCacheHost](./policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
 -   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
 -   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayCacheServerFallbackBackground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
+-   [DeliveryOptimization/DODelayCacheServerFallbackForeground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
 -   [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
 -   [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
 -   [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
@@ -4313,6 +4394,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
 -   [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
 -   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
 -   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
 -   [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
 -   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
@@ -4362,6 +4444,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
 -   [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
 -   [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
+-   [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
 -   [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
 -   [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
 -   [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
@@ -4620,8 +4703,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
 -   [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
 -   [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
--   [LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus)
--   [LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-enableguestaccountstatus)
 -   [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
 -   [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
 -   [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
@@ -4699,12 +4780,24 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
 -   [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
 -   [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+-   [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
+-   [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
 -   [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
 -   [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
 -   [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
 -   [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
+-   [Power/SelectLidCloseActionOnBattery](./policy-csp-power.md#power-selectlidcloseactiononbattery)
+-   [Power/SelectLidCloseActionPluggedIn](./policy-csp-power.md#power-selectlidcloseactionpluggedin)
+-   [Power/SelectPowerButtonActionOnBattery](./policy-csp-power.md#power-selectpowerbuttonactiononbattery)
+-   [Power/SelectPowerButtonActionPluggedIn](./policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
+-   [Power/SelectSleepButtonActionOnBattery](./policy-csp-power.md#power-selectsleepbuttonactiononbattery)
+-   [Power/SelectSleepButtonActionPluggedIn](./policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
 -   [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
 -   [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+-   [Power/TurnOffHybridSleepOnBattery](./policy-csp-power.md#power-turnoffhybridsleeponbattery)
+-   [Power/TurnOffHybridSleepPluggedIn](./policy-csp-power.md#power-turnoffhybridsleeppluggedin)
+-   [Power/UnattendedSleepTimeoutOnBattery](./policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
+-   [Power/UnattendedSleepTimeoutPluggedIn](./policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
 -   [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
 -   [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
 -   [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
@@ -4847,6 +4940,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
 -   [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
 -   [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
+-   [System/AllowCommercialDataPipeline](./policy-csp-system.md#system-allowcommercialdatapipeline)
 -   [System/AllowDeviceNameInDiagnosticData](./policy-csp-system.md#system-allowdevicenameindiagnosticdata)
 -   [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
 -   [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
@@ -4862,6 +4956,7 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
 -   [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
 -   [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
+-   [System/TurnOffFileHistory](./policy-csp-system.md#system-turnofffilehistory)
 -   [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
 -   [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
 -   [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
@@ -4881,7 +4976,12 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
 -   [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
 -   [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
+-   [Update/AutomaticMaintenanceWakeUp](./policy-csp-update.md#update-automaticmaintenancewakeup)
 -   [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
+-   [Update/ConfigureDeadlineForFeatureUpdates](./policy-csp-update.md#update-configuredeadlineforfeatureupdates)
+-   [Update/ConfigureDeadlineForQualityUpdates](./policy-csp-update.md#update-configuredeadlineforqualityupdates)
+-   [Update/ConfigureDeadlineGracePeriod](./policy-csp-update.md#update-configuredeadlinegraceperiod)
+-   [Update/ConfigureDeadlineNoAutoReboot](./policy-csp-update.md#update-configuredeadlinenoautoreboot)
 -   [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
 -   [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
 -   [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
@@ -4975,111 +5075,320 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
 -   [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
 -   [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
+-   [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
+-   [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
 -   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
 -   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
+-   [WindowsLogon/EnableFirstLogonAnimation](./policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)
 -   [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
 -   [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
--   [WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart](./policy-csp-windowslogon.md#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart)
 -   [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
 -   [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
 -   [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
 
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Policies supported by Windows Holographic for Business  
+
+- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)  
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)  
+- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)  
+- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
+- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
+- [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname)
+- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+- [Browser/AllowAutofill](#browser-allowautofill)
+- [Browser/AllowCookies](#browser-allowcookies)  
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
+- [Browser/AllowPopups](#browser-allowpopups)  
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)  
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)  
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)  
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)  
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)  
+- [Experience/AllowCortana](#experience-allowcortana)  
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
+- [Settings/AllowDateTime](#settings-allowdatetime)  
+- [Settings/AllowVPN](#settings-allowvpn)
+- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
+- [System/AllowLocation](#system-allowlocation)  
+- [System/AllowTelemetry](#system-allowtelemetry)
+- [Update/AllowAutoUpdate](#update-allowautoupdate)  
+- [Update/AllowUpdateService](#update-allowupdateservice)  
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
+- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/ScheduledInstallDay](#update-scheduledinstallday)  
+- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
+- [Update/UpdateServiceUrl](#update-updateserviceurl)
+- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
+<!--EndHoloLensBusiness-->
+
 <!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Policies supported by Windows Holographic for Business  
-
--   [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)  
--   [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)  
--   [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)  
--   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
--   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
--   [Authentication/PreferredAadTenantDomainName​](#authentication-preferredaadtenantdomainname)
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
--   [Browser/AllowAutofill​](#browser-allowautofill)
--   [Browser/AllowCookies](#browser-allowcookies)  
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
--   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
--   [Browser/AllowPopups](#browser-allowpopups)  
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowUSBConnection​](#connectivity-allowusbconnection)
--   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)  
--   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) 
--   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)  
--   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
--   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)  
--   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)  
--   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)  
--   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)  
--   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)  
--   [Experience/AllowCortana](#experience-allowcortana)  
--   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
--   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
--   [Settings/AllowDateTime](#settings-allowdatetime)  
--   [Settings/AllowVPN](#settings-allowvpn)
--   [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
--   [System/AllowLocation](#system-allowlocation)  
--   [System/AllowTelemetry](#system-allowtelemetry)  
--   [Update/AllowAutoUpdate](#update-allowautoupdate)  
--   [Update/AllowUpdateService](#update-allowupdateservice)  
--   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
--   [Update/RequireUpdateApproval](#update-requireupdateapproval)
--   [Update/ScheduledInstallDay​](#update-scheduledinstallday)  
--   [Update/ScheduledInstallTime](#update-scheduledinstalltime)
--   [Update/UpdateServiceUrl](#update-updateserviceurl)
--   [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
-
-
 ## <a href="" id="hololenspolicies"></a>Policies supported by Windows Holographic
 
--   [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
--   [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
--   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
--   [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
--   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)
--   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
--   [Browser/AllowPopups](#browser-allowpopups)
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)
--   [Browser/AllowCookies](#browser-allowcookies)
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
--   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
--   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
--   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
--   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
--   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
--   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
--   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
--   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
--   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
--   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
--   [Experience/AllowCortana](#experience-allowcortana)
--   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
--   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
--   [Settings/AllowDateTime](#settings-allowdatetime)
--   [Settings/AllowVPN](#settings-allowvpn)
--   [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
--   [System/AllowTelemetry](#system-allowtelemetry)
--   [System/AllowLocation](#system-allowlocation)
--   [Update/AllowAutoUpdate](#update-allowautoupdate)
--   [Update/AllowUpdateService](#update-allowupdateservice)
--   [Update/RequireUpdateApproval](#update-requireupdateapproval)
--   [Update/ScheduledInstallDay](#update-scheduledinstallday)  
--   [Update/ScheduledInstallTime](#update-scheduledinstalltime)
--   [Update/UpdateServiceUrl](#update-updateserviceurl)
--   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
--   [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
-
+- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
+- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
+- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
+- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
+- [Browser/AllowPopups](#browser-allowpopups)
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+- [Browser/AllowCookies](#browser-allowcookies)
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+- [Experience/AllowCortana](#experience-allowcortana)
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+- [Settings/AllowDateTime](#settings-allowdatetime)
+- [Settings/AllowVPN](#settings-allowvpn)
+- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
+- [System/AllowTelemetry](#system-allowtelemetry)
+- [System/AllowLocation](#system-allowlocation)
+- [Update/AllowAutoUpdate](#update-allowautoupdate)
+- [Update/AllowUpdateService](#update-allowupdateservice)
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/ScheduledInstallDay](#update-scheduledinstallday)  
+- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
+- [Update/UpdateServiceUrl](#update-updateserviceurl)
+- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
+- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 <!--EndHoloLens-->
 
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Policies supported by Microsoft Surface Hub
+
+- [Camera/AllowCamera](#camera-allowcamera)
+- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
+- [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)  
+- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
+- [Defender/AllowArchiveScanning](#defender-allowarchivescanning)  
+- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)  
+- [Defender/AllowCloudProtection](#defender-allowcloudprotection)  
+- [Defender/AllowEmailScanning](#defender-allowemailscanning)  
+- [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives)  
+- [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning)  
+- [Defender/AllowIOAVProtection](#defender-allowioavprotection)  
+- [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem)  
+- [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection)  
+- [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring)  
+- [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles)  
+- [Defender/AllowScriptScanning](#defender-allowscriptscanning)  
+- [Defender/AllowUserUIAccess](#defender-allowuseruiaccess)  
+- [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor)  
+- [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware)  
+- [Defender/ExcludedExtensions](#defender-excludedextensions)  
+- [Defender/ExcludedPaths](#defender-excludedpaths)  
+- [Defender/ExcludedProcesses](#defender-excludedprocesses)  
+- [Defender/PUAProtection](#defender-puaprotection)  
+- [Defender/RealTimeScanDirection](#defender-realtimescandirection)  
+- [Defender/ScanParameter](#defender-scanparameter)  
+- [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime)  
+- [Defender/ScheduleScanDay](#defender-schedulescanday)  
+- [Defender/ScheduleScanTime](#defender-schedulescantime)  
+- [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval)  
+- [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent)  
+- [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction)
+- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)  
+- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)  
+- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)  
+- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)  
+- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)  
+- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)  
+- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)  
+- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)  
+- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)  
+- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)  
+- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)  
+- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)  
+- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)  
+- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)  
+- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)
+- [TextInput/AllowIMELogging](#textinput-allowimelogging)  
+- [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess)  
+- [TextInput/AllowInputPanel](#textinput-allowinputpanel)  
+- [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters)  
+- [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters)  
+- [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph)  
+- [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary)  
+- [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall)  
+- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)  
+- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)  
+- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)
+- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)
+<!--EndSurfaceHub-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Policies supported by Windows 10 IoT Core
+
+- [Camera/AllowCamera](#camera-allowcamera)
+- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
+- [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon)  
+- [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword)
+- [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess)
+- [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+- [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+- [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+- [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+- [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+- [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+- [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+- [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+- [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+- [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+- [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+- [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+- [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+- [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+- [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+- [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+- [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots)  
+- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
+- [Wifi/AllowWiFi](#wifi-allowwifi)  
+- [Wifi/WLANScanMode](#wifi-wlanscanmode)
+<!--EndIoTCore-->
+
+<!--StartIoTEnterprise-->
+## <a href="" id="iotcore"></a>Policies supported by Windows 10 IoT Enterprise
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+-   [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+-   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+-   [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+-   [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+-   [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+-   [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+
+<!--EndIoTCoreEnterprise-->
+
 <!--StartEAS-->
 ## <a href="" id="eas"></a>Policies that can be set using Exchange Active Sync (EAS)  
 
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index dc3c75da62..882f3767a3 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/30/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Accounts
@@ -240,15 +240,28 @@ The default value is an empty string, which allows all email accounts on the dev
 
 <!--/Description-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Accounts policies supported by Windows Holographic
+
+- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Accounts policies supported by Windows Holographic for Business
+
+- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
 
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index c936dbc5db..994c53f7ca 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/08/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - ApplicationManagement
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -1038,16 +1038,31 @@ XSD:
 
 <!--/Validation-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>ApplicationManagement policies supported by Windows Holographic
 
+- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->  
+## <a href="" id="hololenbusinessspolicies"></a>ApplicationManagement policies supported by Windows Holographic for Business
+
+- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
+- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in the next major release of Windows 10.
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index b40a98a737..58790db16d 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/30/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Authentication
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -354,6 +354,9 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
+> [!Warning]
+> This policy is only in preview mode and therefore not meant or recommended for production purposes.
+
 This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts.
 
 Value type is integer. Supported values:
@@ -412,9 +415,12 @@ Value type is integer. Supported values:
 
 <!--/Scope-->
 <!--Description-->
+> [!Warning]
+> This policy is only in preview mode and therefore not meant or recommended for production purposes.
+
 "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for non-ADFS federated providers (e.g. SAML). 
 
-> [!Note]  
+> [!Note]
 > Web Sign-in is only supported on Azure AD Joined PCs.
 
 Value type is integer. Supported values:
@@ -491,15 +497,27 @@ Value type is string.
 
 <!--/Validation-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Authentication policies supported by Windows Holographic
+
+- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Authentication policies supported by Windows Holographic for Business
+
+- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
+- [Authentication/PreferredAadTenantDomainName](#authentication-preferredaadtenantdomainname)
+<!--EndHoloLensBusiness-->
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 82eb7ed2c3..8abc1aaa7a 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 11/15/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Bluetooth
@@ -339,17 +339,34 @@ The default value is an empty string. For more information, see [ServicesAllowed
 
 <!--/Description-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Bluetooth policies supported by Windows Holographic
+
+- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Bluetooth policies supported by Windows Holographic for Business
+
+- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
+- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
+- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
+<!--EndHoloLensBusiness-->
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+
 ## ServicesAllowedList usage guide
 
 When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow pairing and connections of Windows PCs and phones to explicitly defined Bluetooth profiles and services. It is an allowed list, enabling admins to still allow custom Bluetooth profiles that are not defined by the Bluetooth Special Interests Group (SIG).
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 9b9cc1b64f..cf8010c0ce 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,13 +6,13 @@ ms.prod: w10
 ms.technology: windows
 author: shortpatti
 ms.author: pashort
-ms.date: 10/02/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Browser
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -3963,15 +3963,38 @@ Supported values:
 Most restricted value: 0
 <!--/SupportedValues-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Supported versions, version 1607.
--   2 - Supported versions, version 1703.
--   3 - Supported versions, version 1709.
--   4 - Supported versions, version 1803.
--   5 - Supported versions, version 1809.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Browser policies supported by Windows Holographic
+
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
+- [Browser/AllowPopups](#browser-allowpopups)
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+- [Browser/AllowCookies](#browser-allowcookies)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Browser policies supported by Windows Holographic for Business
+
+- [Browser/AllowAutofill](#browser-allowautofill)
+- [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+- [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
+- [Browser/AllowPopups](#browser-allowpopups)
+- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
+- [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+- [Browser/AllowCookies](#browser-allowcookies)
+ <!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 0806fb596a..34d9585326 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/30/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Connectivity
@@ -961,16 +961,32 @@ ADMX Info:
 
 <!--/ADMXBacked-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Connectivity policies supported by Windows Holographic
+
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
+- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Connectivity policies supported by Windows Holographic for Business
+
+- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
+- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+
 
 
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index f6626284ef..c51f4ad30a 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -67,7 +67,7 @@ Added in Windows 10, version 1803. This policy allows the IT admin to control wh
 > [!Note]  
 > MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
 
-This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
+This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 Note: This policy doesn’t support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1.
 
 The following list shows the supported values:
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 95e6d74539..a6226c81d3 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/06/2018
+ms.date: 05/15/2019
 ---
 
 # Policy CSP - DeliveryOptimization
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -36,6 +36,12 @@ ms.date: 07/06/2018
   <dd>
     <a href="#deliveryoptimization-dodelayforegrounddownloadfromhttp">DeliveryOptimization/DODelayForegroundDownloadFromHttp</a>
   </dd>
+  <dd>
+    <a href="#deliveryoptimization-dodelaycacheserverfallbackbackground">DeliveryOptimization/DODelayCacheServerFallbackBackground</a>
+  </dd>
+  <dd>
+    <a href="#deliveryoptimization-dodelaycacheserverfallbackforeground">DeliveryOptimization/DODelayCacheServerFallbackForeground</a>
+  </dd>
   <dd>
     <a href="#deliveryoptimization-dodownloadmode">DeliveryOptimization/DODownloadMode</a>
   </dd>
@@ -403,6 +409,144 @@ The following list shows the supported values as number of seconds:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="deliveryoptimization-dodelaycacheserverfallbackbackground"></a>**DeliveryOptimization/DODelayCacheServerFallbackBackground**  
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+
+</table>
+
+<!--/SupportedSKUs-->
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+
+<!--Description-->
+Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for a background content download.
+
+> [!NOTE]
+> The [DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp) policy takes precedence over this policy to allow downloads from peers first.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Delay Background download Cache Server fallback (in seconds)*
+-   GP name: *DelayCacheServerFallbackBackground*
+-   GP element: *DelayCacheServerFallbackBackground*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+
+<!--/ADMXMapped-->
+
+<!--SupportedValues-->
+This policy is specified in seconds.  
+Supported values: 0 - one month (in seconds)
+<!--/SupportedValues-->
+
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+
+<a href="" id="deliveryoptimization-dodelaycacheserverfallbackforeground"></a>**DeliveryOptimization/DODelayCacheServerFallbackForeground**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+
+<!--Description-->
+Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for foreground content download.
+
+> [!NOTE]
+> The [DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp) policy takes precedence over this policy to allow downloads from peers first.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Delay Foreground download Cache Server fallback (in seconds)*
+-   GP name: *DelayCacheServerFallbackForeground*
+-   GP element: *DelayCacheServerFallbackForeground*
+-   GP path: *Windows Components/Delivery Optimization*
+-   GP ADMX file name: *DeliveryOptimization.admx*
+<!--/ADMXMapped-->
+
+<!--SupportedValues-->
+This policy is specified in seconds.  
+Supported values: 0 - one month (in seconds)
+<!--/SupportedValues-->
+
+<!--Example-->
+<!--/Example-->
+<!--Validation-->
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="deliveryoptimization-dodownloadmode"></a>**DeliveryOptimization/DODownloadMode**  
 
@@ -985,7 +1129,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
 
 
-Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB.
+Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. Recommended values: 64 GB to 256 GB.
 
 > [!NOTE]
 > If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy.
@@ -1046,7 +1190,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
 
 
-Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB.
+Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100,000 MB.
 
 The default value is 100 MB.
 
@@ -1104,7 +1248,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
 
 
-Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
+Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. For example, if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
 
 The default value is 4 GB.
 
@@ -1558,19 +1702,138 @@ This policy allows an IT Admin to define the following:
 
 <!--/SupportedValues-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>DeliveryOptimization policies supported by Windows Holographic
+
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+-   [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+-   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+-   [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+-   [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+-   [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+-   [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+<!--EndHoloLens-->
+  
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>DeliveryOptimization policies supported by Windows Holographic for Business
+
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+-   [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+-   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+-   [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+-   [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+-   [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+-   [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+<!--EndHoloLensBusiness-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>DeliveryOptimization policies supported by IoT Core  
+
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+-   [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+-   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+-   [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+-   [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+-   [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+-   [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+<!--EndIoTCore-->
+
+<!--StartIoTEnterprise-->
+## <a href="" id="iotcore"></a>DeliveryOptimization policies supported by IoT Enterprise  
+
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
+-   [DeliveryOptimization/DOCacheHost](#deliveryoptimization-docachehost)
+-   [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayForegroundDownloadFromHttp](#deliveryoptimization-dodelayforegrounddownloadfromhttp)
+-   [DeliveryOptimization/DODelayCacheServerFallbackBackground](#deliveryoptimization-dodelaycacheserverfallbackbackground)
+-   [DeliveryOptimization/DODelayCacheServerFallbackForeground](#deliveryoptimization-dodelaycacheserverfallbackforeground)
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
+-   [DeliveryOptimization/DOGroupIdSource](#deliveryoptimization-dogroupidsource)
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
+-   [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](#deliveryoptimization-dominbatterypercentageallowedtoupload)
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
+-   [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
+-   [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth)
+-   [DeliveryOptimization/DORestrictPeerSelectionBy](#deliveryoptimization-dorestrictpeerselectionby)
+-   [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
+-   [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
+  
+<!--EndIoTEnterprise-->
+
 <!--StartSurfaceHub-->
 ## <a href="" id="surfacehubpolicies"></a>DeliveryOptimization policies supported by Microsoft Surface Hub  
 
@@ -1591,3 +1854,13 @@ Footnote:
 -   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)  
 <!--EndSurfaceHub-->
 
+<hr/>
+
+Footnotes:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 4d766ec5f7..1d4948e92a 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/08/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - DeviceLock
@@ -1205,14 +1205,43 @@ Most restricted value is 0.
 
 <!--/Description-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>DeviceLock policies supported by Windows Holographic
+
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>DeviceLock policies supported by Windows Holographic for Business
+
+- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)
+- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)
+- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
+- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index c267e4587c..4db9f3f778 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/30/2018
+ms.date: 05/14/2019
 ---
 
 # Policy CSP - Experience
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -96,6 +96,9 @@ ms.date: 07/30/2018
   <dd>
     <a href="#experience-preventusersfromturningonbrowsersyncing">Experience/PreventUsersFromTurningOnBrowserSyncing</a>
   </dd>
+  <dd>
+    <a href="#experience-showlockonusertile">Experience/ShowLockOnUserTile</a>
+  </dd>
 </dl>
 
 
@@ -1571,15 +1574,94 @@ Validation procedure:
 
 <hr/>
 
-Footnote:
+<!--Policy-->
+<a href="" id="experience-showlockonusertile"></a>**Experience/ShowLockOnUserTile**  
 
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Shows or hides lock from the user tile menu.
+
+If you enable this policy setting, the lock option is shown in the User Tile menu.
+
+If you disable this policy setting, the lock option is never shown in the User Tile menu.
+
+If you do not configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Show lock in the user tile menu*
+-   GP name: *ShowLockOption*
+-   GP path: *File Explorer*
+-   GP ADMX file name: *WindowsExplorer.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supported values:  
+- false - The lock option is not displayed in the User Tile menu.
+- true (default) - The lock option is displayed in the User Tile menu.
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Experience policies supported by Windows Holographic
 
+- [Experience/AllowCortana](#experience-allowcortana)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Experience policies supported by Windows Holographic for Business
+
+- [Experience/AllowCortana](#experience-allowcortana)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index b1594d5d38..dc9a2c4e0c 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -24,12 +24,6 @@ ms.date: 06/26/2018
   <dd>
     <a href="#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts">LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</a>
   </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</a>
-  </dd>
-  <dd>
-    <a href="#localpoliciessecurityoptions-accounts-enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
-  </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
   </dd>
@@ -255,131 +249,6 @@ The following list shows the supported values:
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-accounts-enableadministratoraccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-This security setting determines whether the local Administrator account is enabled or disabled.
-
-If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
-Disabling the Administrator account can become a maintenance issue under certain circumstances. 
-
-Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts.  If the computer is domain joined the disabled administrator will not be enabled.
-
-Default: Disabled.
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-<!--/Description-->
-<!--DbMapped-->
-GP Info:  
--   GP English name: *Accounts: Administrator account status*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/DbMapped-->
-<!--SupportedValues-->
-Valid values:  
-- 0 - local Administrator account is disabled
-- 1 - local Administrator account is enabled
-
-<!--/SupportedValues-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-This security setting determines if the Guest account is enabled or disabled.
-
-Default: Disabled.
-
-Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-<!--/Description-->
-<!--DbMapped-->
-GP Info:  
--   GP English name: *Accounts: Guest account status*
--   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
-
-<!--/DbMapped-->
-<!--SupportedValues-->
-Valid values:  
-- 0 - local Guest account is disabled
-- 1 - local Guest account is enabled
-
-<!--/SupportedValues-->
-<!--/Policy-->
-
-<hr/>
-
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly"></a>**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**  
 
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 51f9efc4a5..3b9db5c095 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,12 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 04/16/2018
+ms.date: 05/03/2019
 ---
 
 # Policy CSP - Power
 
-
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 <hr/>
 
@@ -31,6 +32,12 @@ ms.date: 04/16/2018
   <dd>
     <a href="#power-displayofftimeoutpluggedin">Power/DisplayOffTimeoutPluggedIn</a>
   </dd>
+  <dd>
+    <a href="#power-energysaverbatterythresholdonbattery">Power/EnergySaverBatteryThresholdOnBattery</a>
+  </dd>
+  <dd>
+    <a href="#power-energysaverbatterythresholdpluggedin">Power/EnergySaverBatteryThresholdPluggedIn</a>
+  </dd>
   <dd>
     <a href="#power-hibernatetimeoutonbattery">Power/HibernateTimeoutOnBattery</a>
   </dd>
@@ -43,12 +50,42 @@ ms.date: 04/16/2018
   <dd>
     <a href="#power-requirepasswordwhencomputerwakespluggedin">Power/RequirePasswordWhenComputerWakesPluggedIn</a>
   </dd>
+ <dd>
+    <a href="#power-selectlidcloseactiononbattery">Power/SelectLidCloseActionOnBattery</a>
+  </dd>
+  <dd>
+    <a href="#power-selectlidcloseactionpluggedin">Power/SelectLidCloseActionPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="#power-selectpowerbuttonactiononbattery">Power/SelectPowerButtonActionOnBattery</a>
+  </dd>
+  <dd>
+    <a href="#power-selectpowerbuttonactionpluggedin">Power/SelectPowerButtonActionPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="#power-selectsleepbuttonactiononbattery">Power/SelectSleepButtonActionOnBattery</a>
+  </dd>
+  <dd>
+    <a href="#power-selectsleepbuttonactionpluggedin">Power/SelectSleepButtonActionPluggedIn</a>
+  </dd>
   <dd>
     <a href="#power-standbytimeoutonbattery">Power/StandbyTimeoutOnBattery</a>
   </dd>
   <dd>
     <a href="#power-standbytimeoutpluggedin">Power/StandbyTimeoutPluggedIn</a>
   </dd>
+  <dd>
+    <a href="#power-turnoffhybridsleeponbattery">Power/TurnOffHybridSleepOnBattery</a>
+  </dd>
+  <dd>
+    <a href="#power-turnoffhybridsleeppluggedin">Power/TurnOffHybridSleepPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="#power-unattendedsleeptimeoutonbattery">Power/UnattendedSleepTimeoutOnBattery</a>
+  </dd>
+  <dd>
+    <a href="#power-unattendedsleeptimeoutpluggedin">Power/UnattendedSleepTimeoutPluggedIn</a>
+  </dd>
 </dl>
 
 
@@ -306,6 +343,139 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="power-energysaverbatterythresholdonbattery"></a>**Power/EnergySaverBatteryThresholdOnBattery**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+Added in Windows&nbsp;10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
+
+If you enable this policy setting, you must specify a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
+
+If you disable or do not configure this policy setting, users control this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Energy Saver Battery Threshold (on battery)*
+-   GP name: *EsBattThresholdDC*
+-   GP element: *EnterEsBattThreshold*
+-   GP path: *System/Power Management/Energy Saver Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supported values: 0-100. The default is 70.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-energysaverbatterythresholdpluggedin"></a>**Power/EnergySaverBatteryThresholdPluggedIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting allows you to specify battery charge level at which Energy Saver is turned on.
+
+If you enable this policy setting, you must provide a percentage value that indicates the battery charge level. Energy Saver is automatically turned on at (and below) the specified battery charge level.
+
+If you disable or do not configure this policy setting, users control this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Energy Saver Battery Threshold (plugged in)*
+-   GP name: *EsBattThresholdAC*
+-   GP element: *EnterEsBattThreshold*
+-   GP path: *System/Power Management/Energy Saver Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supported values: 0-100. The default is 70.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="power-hibernatetimeoutonbattery"></a>**Power/HibernateTimeoutOnBattery**  
 
@@ -558,6 +728,438 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="power-selectlidcloseactiononbattery"></a>**Power/SelectLidCloseActionOnBattery**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
+
+If you enable this policy setting, you must select the desired action.
+
+If you disable this policy setting or do not configure it, users can see and change this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the lid switch action (on battery)*
+-   GP name: *DCSystemLidAction_2*
+-   GP element: *SelectDCSystemLidAction*
+-   GP path: *System/Power Management/Button Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported lid close switch actions (on battery):  
+-   0 - Take no action
+-   1 - Sleep
+-   2 - System hibernate sleep state
+-   3 - System shutdown
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-selectlidcloseactionpluggedin"></a>**Power/SelectLidCloseActionPluggedIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.
+
+If you enable this policy setting, you must select the desired action.
+
+If you disable this policy setting or do not configure it, users can see and change this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the lid switch action (plugged in)*
+-   GP name: *ACSystemLidAction_2*
+-   GP element: *SelectACSystemLidAction*
+-   GP path: *System/Power Management/Button Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported lid close switch actions (plugged in):  
+-   0 - Take no action
+-   1 - Sleep
+-   2 - System hibernate sleep state
+-   3 - System shutdown
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-selectpowerbuttonactiononbattery"></a>**Power/SelectPowerButtonActionOnBattery**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button. 
+
+If you enable this policy setting, you must select the desired action.
+
+If you disable this policy setting or do not configure it, users can see and change this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the Power button action (on battery)*
+-   GP name: *DCPowerButtonAction_2*
+-   GP element: *SelectDCPowerButtonAction*
+-   GP path: *System/Power Management/Button Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported Power button actions (on battery):  
+-   0 - Take no action
+-   1 - Sleep
+-   2 - System hibernate sleep state
+-   3 - System shutdown
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-selectpowerbuttonactionpluggedin"></a>**Power/SelectPowerButtonActionPluggedIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Power button. 
+
+If you enable this policy setting, you must select the desired action.
+
+If you disable this policy setting or do not configure it, users can see and change this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the Power button action (plugged in)*
+-   GP name: *ACPowerButtonAction_2*
+-   GP element: *SelectACPowerButtonAction*
+-   GP path: *System/Power Management/Button Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported Power button actions (plugged in):  
+-   0 - Take no action
+-   1 - Sleep
+-   2 - System hibernate sleep state
+-   3 - System shutdown
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-selectsleepbuttonactiononbattery"></a>**Power/SelectSleepButtonActionOnBattery**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button.
+
+If you enable this policy setting, you must select the desired action.
+
+If you disable this policy setting or do not configure it, users can see and change this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the Sleep button action (on battery)*
+-   GP name: *DCSleepButtonAction_2*
+-   GP element: *SelectDCSleepButtonAction*
+-   GP path: *System/Power Management/Button Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported Sleep button actions (on battery):  
+-   0 - Take no action
+-   1 - Sleep
+-   2 - System hibernate sleep state
+-   3 - System shutdown
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-selectsleepbuttonactionpluggedin"></a>**Power/SelectSleepButtonActionPluggedIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting specifies the action that Windows takes when a user presses the Sleep button.
+
+If you enable this policy setting, you must select the desired action.
+
+If you disable this policy setting or do not configure it, users can see and change this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Select the Sleep button action (plugged in)*
+-   GP name: *ACSleepButtonAction_2*
+-   GP element: *SelectACSleepButtonAction*
+-   GP path: *System/Power Management/Button Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported Sleep button actions (plugged in):  
+-   0 - Take no action
+-   1 - Sleep
+-   2 - System hibernate sleep state
+-   3 - System shutdown
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="power-standbytimeoutonbattery"></a>**Power/StandbyTimeoutOnBattery**  
 
@@ -683,14 +1285,291 @@ ADMX Info:
 
 <!--/ADMXBacked-->
 <!--/Policy-->
+
 <hr/>
 
-Footnote:
+<!--Policy-->
+<a href="" id="power-turnoffhybridsleeponbattery"></a>**Power/TurnOffHybridSleepOnBattery**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting allows you to turn off hybrid sleep.
+
+If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
+
+If you set this policy setting to 1 or do not configure this policy setting, users control this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off hybrid sleep (on battery)*
+-   GP name: *DCStandbyWithHiberfileEnable_2*
+-   GP path: *System/Power Management/Sleep Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported values for Hybrid sleep (on battery):
+-   0 - no hibernation file for sleep (default)
+-   1 - hybrid sleep
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-turnoffhybridsleeppluggedin"></a>**Power/TurnOffHybridSleepPluggedIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting allows you to turn off hybrid sleep.
+
+If you set this policy setting to 0, a hiberfile is not generated when the system transitions to sleep (Stand By).
+
+If you set this policy setting to 1 or do not configure this policy setting, users control this setting.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off hybrid sleep (plugged in)*
+-   GP name: *ACStandbyWithHiberfileEnable_2*
+-   GP path: *System/Power Management/Sleep Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+
+The following are the supported values for Hybrid sleep (plugged in):
+-   0 - no hibernation file for sleep (default)
+-   1  - hybrid sleep
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-unattendedsleeptimeoutonbattery"></a>**Power/UnattendedSleepTimeoutOnBattery**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+
+If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
+
+If you disable or do not configure this policy setting, users control this setting.
+
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the unattended sleep timeout (on battery)*
+-   GP name: *UnattendedSleepTimeOutDC*
+-   GP element: *EnterUnattendedSleepTimeOut*
+-   GP path: *System/Power Management/Sleep Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Default value for unattended sleep timeout (on battery):
+300
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="power-unattendedsleeptimeoutpluggedin"></a>**Power/UnattendedSleepTimeoutPluggedIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows&nbsp;10, version 1903. This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.
+
+If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.
+
+If you disable or do not configure this policy setting, users control this setting.
+
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify the unattended sleep timeout (plugged in)*
+-   GP name: *UnattendedSleepTimeOutAC*
+-   GP element: *EnterUnattendedSleepTimeOut*
+-   GP path: *System/Power Management/Sleep Settings*
+-   GP ADMX file name: *power.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Default value for unattended sleep timeout (plugged in):
+300
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<!--/Policies-->
+
+<hr/>
+
+Footnotes:
 
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
-
-<!--/Policies-->
-
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index bccb2e581b..e59ee6fa01 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/14/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Privacy
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -4851,16 +4851,28 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Privacy policies supported by Windows Holographic
+
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->  
+## <a href="" id="hololenbusinessspolicies"></a>Privacy policies supported by Windows Holographic for Business
+
+- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in the next major release of Windows 10.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index f51a32f819..3106f2b945 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/30/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Search
@@ -849,16 +849,27 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Search policies supported by Windows Holographic
 
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+<!--EndHoloLens-->
 
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Search policies supported by Windows Holographic for Business
+
+- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index ec1d131e0d..e6bce4de0b 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/09/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Security
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -739,18 +739,28 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Security policies supported by Windows Holographic
 
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+<!--EndHoloLens-->
 
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Security policies supported by Windows Holographic for Business
+
+- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in the next major release of Windows 10.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index fa1b94e71a..5ff09bf3e4 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/09/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Settings
@@ -839,16 +839,29 @@ To validate on Desktop, do the following:
 
 <!--/Validation-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Settings policies supported by Windows Holographic
 
+- [Settings/AllowDateTime](#settings-allowdatetime)
+- [Settings/AllowVPN](#settings-allowvpn)
+<!--EndHoloLens-->
 
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Settings policies supported by Windows Holographic for Business
+
+- [Settings/AllowDateTime](#settings-allowdatetime)
+- [Settings/AllowVPN](#settings-allowvpn)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index 43023aecdc..bd274c38df 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/09/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Speech
@@ -82,14 +82,27 @@ The following list shows the supported values:
 
 <!--/SupportedValues-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Speech policies supported by Windows Holographic
+
+- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Speech policies supported by Windows Holographic for Business
+
+- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate)
+<!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 16bfa23ec7..92fd30f9bb 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/24/2018
+ms.date: 05/09/2019
 ---
 
 # Policy CSP - System
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -24,6 +24,9 @@ ms.date: 08/24/2018
   <dd>
     <a href="#system-allowbuildpreview">System/AllowBuildPreview</a>
   </dd>
+  <dd>
+    <a href="#system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a>
+  </dd>
   <dd>
     <a href="#system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
   </dd>
@@ -84,6 +87,9 @@ ms.date: 08/24/2018
   <dd>
     <a href="#system-telemetryproxy">System/TelemetryProxy</a>
   </dd>
+  <dd>
+    <a href="#system-turnofffilehistory">System/TurnOffFileHistory</a>
+  </dd>
 </dl>
 
 
@@ -128,7 +134,6 @@ ms.date: 08/24/2018
 > [!NOTE]
 > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise.
 
-
 This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software.
 
 If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
@@ -154,6 +159,80 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="system-allowcommercialdatapipeline"></a>**System/AllowCommercialDataPipeline**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+> [!NOTE]
+> This policy setting applies only to the Windows operating system and apps included with Windows, it does not apply to third-party apps or services running on Windows 10.
+
+This policy setting opts the device into the Windows enterprise data pipeline.
+
+If you enable this setting, data collected from the device is opted into the Windows enterprise data pipeline.
+
+If you disable or do not configure this setting, all data from the device is collected and processed in accordance with the policies for the Windows standard data pipeline.
+
+Configuring this setting does not change the telemetry collection level or the ability of the user to change the level.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Allow commercial data pipeline*
+-   GP name: *AllowCommercialDataPipeline*
+-   GP element: *AllowCommercialDataPipeline*
+-   GP path: *Data Collection and Preview Builds*
+-   GP ADMX file name: *DataCollection.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - Do not use the Windows Commercial Data Pipeline
+-   1 - Use the Windows Commercial Data Pipeline
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**  
 
@@ -1433,16 +1512,97 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--/Policy-->
+
 <hr/>
 
-Footnote:
+<!--Policy-->
+<a href="" id="system-turnofffilehistory"></a>**System/TurnOffFileHistory**  
 
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to turn off File History.
+
+If you enable this policy setting, File History cannot be activated to create regular, automatic backups.
+
+If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off File History*
+-   GP name: *DisableFileHistory*
+-   GP path: *Windows Components/File History*
+-   GP ADMX file name: *FileHistory.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   false (default) - allow File History
+-   true  - turn off File History
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
 
 <!--/Policies-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>System policies supported by Windows Holographic
+
+- [System/AllowTelemetry](#system-allowtelemetry)
+- [System/AllowLocation](#system-allowlocation)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>System policies supported by Windows Holographic for Business
+
+- [System/AllowTelemetry](#system-allowtelemetry)
+- [System/AllowLocation](#system-allowlocation)
+ <!--EndHoloLensBusiness-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 2e24ad1c47..8e9d7a15c7 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,13 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/29/2018
+ms.date: 05/08/2019
 ---
 
 # Policy CSP - Update
 
 > [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 
 <hr/>
@@ -57,9 +57,24 @@ ms.date: 08/29/2018
   <dd>
     <a href="#update-autorestartrequirednotificationdismissal">Update/AutoRestartRequiredNotificationDismissal</a>
   </dd>
+  <dd>
+    <a href="#update-automaticmaintenancewakeup">Update/AutomaticMaintenanceWakeUp</a>
+  </dd>
   <dd>
     <a href="#update-branchreadinesslevel">Update/BranchReadinessLevel</a>
   </dd>
+  <dd>
+    <a href="#update-configuredeadlineforfeatureupdates">Update/ConfigureDeadlineForFeatureUpdates</a>
+  </dd>
+  <dd>
+    <a href="#update-configuredeadlineforqualityupdates">Update/ConfigureDeadlineForQualityUpdates</a>
+  </dd>
+  <dd>
+    <a href="#update-configuredeadlinegraceperiod">Update/ConfigureDeadlineGracePeriod</a>
+  </dd>
+  <dd>
+    <a href="#update-configuredeadlinenoautoreboot">Update/ConfigureDeadlineNoAutoReboot</a>
+  </dd>
   <dd>
     <a href="#update-configurefeatureupdateuninstallperiod">Update/ConfigureFeatureUpdateUninstallPeriod</a>
   </dd>
@@ -189,6 +204,7 @@ ms.date: 08/29/2018
 </dl>
 
 <hr/>
+
 > [!NOTE]
 > If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
 
@@ -933,6 +949,76 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-automaticmaintenancewakeup"></a>**Update/AutomaticMaintenanceWakeUp**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to configure if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance.
+
+> [!Note]
+> If the OS power wake policy is explicitly disabled, then this setting has no effect.
+
+If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required.
+
+If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies.
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Automatic Maintenance WakeUp Policy*
+-   GP category English path: *Windows Components/Maintenance Scheduler*
+-   GP name: *WakeUpPolicy*
+-   GP path: *Windows Components/Maintenance Scheduler*
+-   GP ADMX file name: *msched.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supported values:  
+-   true - Enable
+-   false - Disable (Default)
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-branchreadinesslevel"></a>**Update/BranchReadinessLevel**  
 
@@ -995,6 +1081,306 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="update-configuredeadlineforfeatureupdates"></a>**Update/ConfigureDeadlineForFeatureUpdates**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
+
+<!--/Description-->
+
+<!--SupportedValues-->
+Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update.
+
+Default value is 7.
+<!--/SupportedValues-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify deadlines for automatic updates and restarts*
+-   GP category English path: *Administrative Templates\Windows Components\WindowsUpdate*
+-   GP name: *ConfigureDeadlineForFeatureUpdates*
+-   GP element: *ConfigureDeadlineForFeatureUpdates*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="update-configuredeadlineforqualityupdates"></a>**Update/ConfigureDeadlineForQualityUpdates**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule.
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify deadlines for automatic updates and restarts*
+-   GP category English path: *Administrative Templates\Windows Components\WindowsUpdate*
+-   GP name: *ConfigureDeadlineForQualityUpdates*
+-   GP element: *ConfigureDeadlineForQualityUpdates*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update.
+
+Default value is 7.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="update-configuredeadlinegraceperiod"></a>**Update/ConfigureDeadlineGracePeriod**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1903. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies.
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify deadlines for automatic updates and restarts*
+-   GP category English path: *Administrative Templates\Windows Components\WindowsUpdate*
+-   GP name: *ConfigureDeadlineGracePeriod*
+-   GP element: *ConfigureDeadlineGracePeriod*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached.
+
+Default value is 2.
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="update-configuredeadlinenoautoreboot"></a>**Update/ConfigureDeadlineNoAutoReboot**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1903. If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart.
+
+When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline.
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Specify deadlines for automatic updates and restarts*
+-   GP category English path: *Administrative Templates\Windows Components\WindowsUpdate*
+-   GP name: *ConfigureDeadlineNoAutoReboot*
+-   GP element: *ConfigureDeadlineNoAutoReboot*
+-   GP ADMX file name: *WindowsUpdate.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supported values:  
+-   1 - Enabled
+-   0 (default) - Disabled
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="update-configurefeatureupdateuninstallperiod"></a>**Update/ConfigureFeatureUpdateUninstallPeriod**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
+
+<!--/Description-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="update-configurefeatureupdateuninstallperiod"></a>**Update/ConfigureFeatureUpdateUninstallPeriod**  
 
@@ -3571,15 +3957,65 @@ ADMX Info:
 
 <!--/ADMXMapped-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
--   5 - Added in Windows 10, version 1809.
--   6 - Added in the next major release of Windows 10.
 
 <!--/Policies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Update policies supported by Windows Holographic
+
+- [Update/AllowAutoUpdate](#update-allowautoupdate)
+- [Update/AllowUpdateService](#update-allowupdateservice)
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/ScheduledInstallDay](#update-scheduledinstallday)
+- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
+- [Update/UpdateServiceUrl](#update-updateserviceurl)
+- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
+<!--EndHoloLens-->
+
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Update policies supported by Windows Holographic for Business
+
+- [Update/AllowAutoUpdate](#update-allowautoupdate)
+- [Update/AllowUpdateService](#update-allowupdateservice)
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+- [Update/RequireUpdateApproval](#update-requireupdateapproval)
+- [Update/ScheduledInstallDay](#update-scheduledinstallday)
+- [Update/ScheduledInstallTime](#update-scheduledinstalltime)
+- [Update/UpdateServiceUrl](#update-updateserviceurl)
+- [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
+<!--EndHoloLensBusiness-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Update policies supported by IoT Core  
+
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+<!--EndIoTCore-->
+
+<!--StartIoTEnterprise-->
+## <a href="" id="iotcore"></a>Update policies supported by IoT Enterprise  
+
+- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates)
+- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)
+- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod)
+- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot)
+<!--EndIoTEnterprise-->
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 8d16e2c852..ff2649412f 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 05/14/2018
+ms.date: 05/01/2019
 ---
 
 # Policy CSP - Wifi
@@ -379,36 +379,49 @@ Supported operations are Add, Delete, Get, and Replace.
 
 <!--/Description-->
 <!--/Policy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
--   3 - Added in Windows 10, version 1709.
--   4 - Added in Windows 10, version 1803.
 
 <!--/Policies-->
 
 <!--StartEAS-->
 ## <a href="" id="eas"></a>Wifi policies that can be set using Exchange Active Sync (EAS)  
 
--   [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
--   [Wifi/AllowWiFi](#wifi-allowwifi)  
+- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
+- [Wifi/AllowWiFi](#wifi-allowwifi)  
 <!--EndEAS-->
 
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Wifi policies supported by Windows Holographic
+
+- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration)
+<!--EndHoloLens-->
+  
+<!--StartHoloLensBusiness-->
+## <a href="" id="hololenbusinessspolicies"></a>Wifi policies supported by Windows Holographic for Business
+
+- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration)
+<!--EndHoloLensBusiness-->
+
 <!--StartIoTCore-->
 ## <a href="" id="iotcore"></a>Wifi policies supported by IoT Core  
 
--   [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots)  
--   [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
--   [Wifi/AllowWiFi](#wifi-allowwifi)  
--   [Wifi/WLANScanMode](#wifi-wlanscanmode)  
+- [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots)  
+- [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
+- [Wifi/AllowWiFi](#wifi-allowwifi)  
+- [Wifi/WLANScanMode](#wifi-wlanscanmode)  
 <!--EndIoTCore-->
 
 <!--StartSurfaceHub-->
 ## <a href="" id="surfacehubpolicies"></a>Wifi policies supported by Microsoft Surface Hub  
 
--   [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
+- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
 <!--EndSurfaceHub-->
 
+<hr/>
+
+Footnotes:
+
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index e75a0cf6de..e307f8f433 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,12 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/12/2018
+ms.date: 05/07/2019
 ---
 
 # Policy CSP - WindowsLogon
 
-
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 
 <hr/>
 
@@ -19,23 +20,182 @@ ms.date: 07/12/2018
 ## WindowsLogon policies  
 
 <dl>
+  <dd>
+    <a href="#windowslogon-allowautomaticrestartsignon">WindowsLogon/AllowAutomaticRestartSignOn</a>
+  </dd>
+  <dd>
+    <a href="#windowslogon-configautomaticrestartsignon">WindowsLogon/ConfigAutomaticRestartSignOn</a>
+  </dd>
   <dd>
     <a href="#windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
   </dd>
   <dd>
     <a href="#windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
   </dd>
+  <dd>
+    <a href="#windowslogon-enablefirstlogonanimation">WindowsLogon/EnableFirstLogonAnimation</a>
+  </dd>
   <dd>
     <a href="#windowslogon-enumeratelocalusersondomainjoinedcomputers">WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers</a>
   </dd>
   <dd>
     <a href="#windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
   </dd>
-  <dd>
-    <a href="#windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart">WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart</a>
-  </dd>
 </dl>
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowslogon-allowautomaticrestartsignon"></a>**WindowsLogon/AllowAutomaticRestartSignOn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls whether a device automatically signs in and locks the last interactive user after the system restarts or after a shutdown and cold boot.
+
+This occurs only if the last interactive user did not sign out before the restart or shutdown.​
+
+If the device is joined to Active Directory or Azure Active Directory, this policy applies only to Windows Update restarts. Otherwise, this policy applies to both Windows Update restarts and user-initiated restarts and shutdowns.​
+
+If you do not configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​
+
+After enabling this policy, you can configure its settings through the [ConfigAutomaticRestartSignOn](#windowslogon-configautomaticrestartsignon) policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot​.
+
+If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Sign-in and lock last interactive user automatically after a restart*
+-   GP name: *AutomaticRestartSignOn*
+-   GP path: *Windows Components/Windows Logon Options*
+-   GP ADMX file name: *WinLogon.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="windowslogon-configautomaticrestartsignon"></a>**WindowsLogon/ConfigAutomaticRestartSignOn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls the configuration under which an automatic restart, sign on, and lock occurs after a restart or cold boot. If you chose “Disabled” in the [AllowAutomaticRestartSignOn](#windowslogon-allowautomaticrestartsignon) policy, then automatic sign on does not occur and this policy need not be configured.
+
+If you enable this policy setting, you can choose one of the following two options:
+
+- Enabled if BitLocker is on and not suspended: Specifies that automatic sign on and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.  
+BitLocker is suspended during updates if:
+    - The device does not have TPM 2.0 and PCR7
+    - The device does not use a TPM-only protector
+- Always Enabled: Specifies that automatic sign on happens even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.
+
+If you disable or do not configure this setting, automatic sign on defaults to the “Enabled if BitLocker is on and not suspended” behavior.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot*
+-   GP name: *ConfigAutomaticRestartSignOn*
+-   GP path: *Windows Components/Windows Logon Options*
+-   GP ADMX file name: *WinLogon.admx*
+
+<!--/ADMXBacked-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
 
 <hr/>
 
@@ -188,6 +348,78 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="windowslogon-enablefirstlogonanimation"></a>**WindowsLogon/EnableFirstLogonAnimation**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users are offered the opt-in prompt for services during their first sign-in.
+
+If you enable this policy setting, Microsoft account users see the opt-in prompt for services, and users with other accounts see the sign-in animation.
+
+If you disable this policy setting, users do not see the animation and Microsoft account users do not see the opt-in prompt for services.
+
+If you do not configure this policy setting, the user who completes the initial Windows setup see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer do not see the animation.
+
+> [!NOTE]
+> The first sign-in animation is not displayed on Server, so this policy has no effect.
+
+<!--/Description-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Show first sign-in animation*
+-   GP name: *EnableFirstLogonAnimation*
+-   GP path: *System/Logon*
+-   GP ADMX file name: *Logon.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+Supported values:  
+-   false - disabled
+-   true  - enabled
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="windowslogon-enumeratelocalusersondomainjoinedcomputers"></a>**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers**  
 
@@ -313,75 +545,15 @@ To validate on Desktop, do the following:
 <!--/Validation-->
 <!--/Policy-->
 
-<hr/>
-
-<!--Policy-->
-<a href="" id="windowslogon-signinlastinteractiveuserautomaticallyafterasysteminitiatedrestart"></a>**WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
+<!--/Policies-->
 
 <hr/>
 
-<!--/Scope-->
-<!--Description-->
-This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system.
-
-If you enable or do not configure this policy setting, the device securely saves the user's credentials (including the user name, domain and encrypted password) to configure automatic sign-in after a Windows Update restart. After the Windows Update restart, the user is automatically signed-in and the session is automatically locked with all the lock screen apps configured for that user.
-
-If you disable this policy setting, the device does not store the user's credentials for automatic sign-in after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts.
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Sign-in last interactive user automatically after a system-initiated restart*
--   GP name: *AutomaticRestartSignOn*
--   GP path: *Windows Components/Windows Logon Options*
--   GP ADMX file name: *WinLogon.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
-
-Footnote:
+Footnotes:
 
 -   1 - Added in Windows 10, version 1607.
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
-
-<!--/Policies-->
-
+-   5 - Added in Windows 10, version 1809.
+-   6 - Added in Windows 10, version 1903.
\ No newline at end of file
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 77dea602cf..f5d0d53a0f 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -30,7 +30,7 @@ The following diagram shows the Reboot configuration service provider management
 > [!Note]  
 > If this node is set to execute during a sync session, the device will reboot at the end of the sync session.
 
-<p style="margin-left: 20px">The supported operations are Execute and Get.
+<p style="margin-left: 20px">The supported operations are Execute and Get.</p>
 
 <a href="" id="schedule"></a>**Schedule**  
 <p style="margin-left: 20px">The supported operation is Get.</p>
diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md
index e3351b8c80..95f47c5df9 100644
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@@ -29,7 +29,7 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t
 </thead>
 <tbody>
 <tr class="odd">
-<td><p>POST</p></td>
+<td><p>DELETE</p></td>
 <td><p>https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}</p></td>
 </tr>
 </tbody>
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index 543252e8f2..9ead93e55b 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -50,6 +50,9 @@ When the ADMX policies are imported, the registry keys to which each policy is w
 > [!Warning]
 > Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
 
+> [!NOTE]
+> Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). 
+
 ## <a href="" id="ingesting-an-app-admx-file"></a>Ingesting an app ADMX file
 
 The following ADMX file example shows how to ingest a Win32 or Desktop Bridge app ADMX file and set policies from the file. The ADMX file defines eight policies.
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 436a96f0a8..79761a6c5d 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -57,6 +57,9 @@ Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk i
 
 In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in.
 
+>[!NOTE]
+>If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
+
 >[!TIP]
 >If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. 
 
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index c29f399bba..bab10f57b6 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -280,7 +280,7 @@ Additionally, users may see blank tiles if logon was attempted without network c
 
 ### Symptom: Start Menu issues with Tile Data Layer corruption 
 
-**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. 
+**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update)). 
 
 **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed.
 
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index afc9f144c2..25a638d45a 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -14,12 +14,15 @@ ms.topic: article
 
 # Deploy Windows 10 Enterprise licenses
 
+>[!IMPORTANT]
+>Office 365 Enterprise E3 and Office 365 Enterprise E5 include a Windows 10 Enterprise license. This article is about the use and implementation of these licenses in a on-premises Active Directory environment.
+
 This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD).
 
 >[!NOTE]
->Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.<BR>
->Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.<BR>
->Automatic, non-KMS activation requires Windows 10, version 1803 or later on a device with a firmware-embedded activation key.<BR>
+>* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
+>* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
+>* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
 
 ## Firmware-embedded activation key
 
@@ -35,9 +38,9 @@ If the device has a firmware-embedded activation key, it will be displayed in th
 
 If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
 
-1.	Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:<BR>
-    a.	**AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3<BR>
-    b.	**AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5<BR>
+1.	Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
+-  **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
+- **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
 2.	After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
 3.	The admin can now assign subscription licenses to users.
 
@@ -59,7 +62,7 @@ Also in this article:
 
 You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
 
-You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
 
 **Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
 
@@ -72,6 +75,9 @@ For more information about integrating on-premises AD DS domains with Azure AD,
 -   [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/)
 -   [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
 
+>[!NOTE]
+>If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
+
 ## Preparing for deployment: reviewing requirements
 
 Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
@@ -151,12 +157,12 @@ Now the device is Azure AD joined to the company’s subscription.
 ### Step 2: Pro edition activation
 
 >[!IMPORTANT]
->If the device is running Windows 10, version 1803 or later, this step is no longer necessary when there is a firmware-embedded activation key on the device. Starting with Windows 10, version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.<br>
+>If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
 >If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings &gt; Update & Security &gt; Activation**, as illustrated in **Figure 7a**.
 
 <span id="win-10-pro-activated"/>
 <img src="images/sa-pro-activation.png" alt="Windows 10 Pro activated" width="710" height="440" />
-<BR>**Figure 7a - Windows 10 Pro activation in Settings** <BR>
+**Figure 7a - Windows 10 Pro activation in Settings** 
 
 Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only).
 
@@ -176,16 +182,16 @@ You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings &g
 <span id="win-10-activated-subscription-active"/>
 <img src="images/enterprise-e3-win-10-activated-enterprise-subscription-active.png" alt="Windows 10 activated and subscription active" width="624" height="407" />
 
-<BR>**Figure 9 - Windows 10 Enterprise subscription in Settings** <BR>
+**Figure 9 - Windows 10 Enterprise subscription in Settings** 
 
 
 If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
 
 >[!NOTE] 
->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:<BR>
->Name: Windows(R), Professional edition<BR>
->Description: Windows(R) Operating System, RETAIL channel<BR>
->Partial Product Key: 3V66T<BR>
+>If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
+>Name: Windows(R), Professional edition
+>Description: Windows(R) Operating System, RETAIL channel
+>Partial Product Key: 3V66T
 
 ## Virtual Desktop Access (VDA)
 
@@ -211,23 +217,20 @@ Use the following figures to help you troubleshoot when users experience these c
 
 - [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed.
 
-<BR>
 
 <span id="win-10-not-activated"/>
 <img src="images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png" alt="Windows 10 not activated and subscription active" width="624" height="407" />
-<BR>**Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings**<BR>
+**Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings**
 
-<BR>
 
 <span id="subscription-not-active"/>
 <img src="images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png" alt="Windows 10 activated and subscription not active" width="624" height="407" />
-<BR>**Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings**<BR>
+**Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings**
 
-<BR>
 
 <span id="win-10-not-activated-subscription-not-active"/>
 <img src="images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png" alt="Windows 10 not activated and subscription not active" width="624" height="407" />
-<BR>**Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings**<BR>
+**Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings**
 
 
 ### Review requirements on devices
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
index bb0ad7f659..99f0aa2457 100644
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ b/windows/deployment/planning/windows-10-deployment-considerations.md
@@ -111,7 +111,7 @@ In either of these scenarios, you can make a variety of configuration changes to
 ## Stay up to date
 
 
-For computers already running Windows 10 on the Current Branch or Current Branch for Business, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods:
+For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods:
 
 -   Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
 
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index 53c10d8b86..23981b631a 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -18,6 +18,13 @@ The Update Compliance solution of Windows Analytics provides you with informatio
 
 ![DO status](images/UC_workspace_DO_status.png)
 
+> [!IMPORTANT]
+> There are currently two known issues affecting the Delivery Optimization status displayed in these blades:
+>- Devices running Windows 10, version 1803 or older versions are not sending the correct configuration profile. As a result, the information in the Device Configuration blade might not accurately reflect the settings in your environment.
+>- Some devices running Windows 10, version 1809 report the Delivery Optimization DownloadMode configuration value as the sequential value in the list of possible configurations rather than the actual configured value. For example, a device that is configured as HTTP + Group (2), will be shown as HTTP + Internet (3) in Update Compliance.
+>
+>Look for fixes for both of these issues in a forthcoming update.
+
 ## Delivery Optimization Status
  
 The Delivery Optimization Status section includes three blades:
diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md
index 582639b74e..7fbacf8aee 100644
--- a/windows/deployment/update/waas-delivery-optimization-reference.md
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md
@@ -5,9 +5,9 @@ keywords: oms, operations management suite, wdav, updates, downloads, log analyt
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: JaimeO
+author: greg-lindsay
 ms.localizationpriority: medium
-ms.author: jaimeo
+ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
 ---
@@ -37,7 +37,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 | --- | --- | --- |
 | [Download mode](#download-mode) | DODownloadMode | 1511 |
 | [Group ID](#group-id)  | DOGroupID | 1511 |
-| [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 |
+| [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 |
 | [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 |
 | [Max Cache Age](#max-cache-age) | DOMaxCacheAge | 1511 |
 | [Max Cache Size](#max-cache-size)  | DOMaxCacheSize | 1511 |
@@ -70,7 +70,7 @@ Delivery Optimization uses locally cached updates. In cases where devices have a
 - The system drive is the default location for the Delivery Optimization cache. [Modify Cache Drive](#modify-cache-drive) allows administrators to change that location.
 
 >[!NOTE]
->It is possible to configure preferred cache devices. For more information, see [Set “preferred” cache devices for Delivery Optimization](#set-preferred-cache-devices).
+>It is possible to configure preferred cache devices. For more information, see [Group ID](#group-id).
 
 All cached files have to be above a set minimum size. This size is automatically set by the Delivery Optimization cloud services, but when local storage is sufficient and the network isn't strained or congested, administrators might choose to change it to obtain increased performance. You can set the minimum size of files to cache by adjusting [Minimum Peer Caching Content File Size](#minimum-peer-caching-content-file-size).
 
@@ -79,7 +79,7 @@ Additional options available that control the impact Delivery Optimization has o
 - [Max Upload Bandwidth](#max-upload-bandwidth) controls the Delivery Optimization upload bandwidth usage.
 - [Monthly Upload Data Cap](#monthly-upload-data-cap) controls the amount of data a client can upload to peers each month.
 - [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This is achieved by adjusting the amount of data downloaded directly from Windows Update or WSUS servers, rather than other peers in the network.
-- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
+- [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
 - [Maximum Background Download Bandwidth](#maximum-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
 - [Set Business Hours to Limit Background Download Bandwidth](#set-business-hours-to-limit-background-download-bandwidth) specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
 - [Set Business Hours to Limit Foreground Download Bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
@@ -89,7 +89,7 @@ Additional options available that control the impact Delivery Optimization has o
 - [Delay foreground download from http (in secs)](#delay-foreground-download-from-http-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use P2P.
 
 Administrators can further customize scenarios where Delivery Optimization will be used with the following settings:
-- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
+- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
 - [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) sets the minimum disk size required for peer caching to be enabled.
 - [Enable Peer Caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) allows clients connected through VPN to use peer caching.
 - [Allow uploads while the device is on battery while under set Battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) controls the minimum battery level required for uploads to occur. You must enable this policy to allow upload while on battery.
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 1c13688e4e..765547a61f 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -5,7 +5,7 @@ keywords: oms, operations management suite, wdav, updates, downloads, log analyt
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: JaimeO
+author: jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
 ms.collection: M365-modern-desktop
@@ -110,8 +110,46 @@ For the payloads (optional):
 
 **Does Delivery Optimization use multicast?**: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP.
 
-[//]: # (**What data does Delivery Optimization send to the service?**)
-[//]: # (??????????????? I'm not sure we can avoid sharing this, per GDPR guidelines)
+## Troubleshooting
+
+This section summarizes common problems and some solutions to try.
+
+### If you don't see any bytes from peers
+
+If you don’t see any bytes coming from peers the cause might be one of the following issues:
+
+- Clients aren’t able to reach the Delivery Optimization cloud services.
+- The cloud service doesn’t see other peers on the network. 
+- Clients aren’t able to connect to peers that are offered back from the cloud service.
+
+
+### Clients aren't able to reach the Delivery Optimization cloud services.
+
+If you suspect this is the problem, try these steps:
+
+1.	Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
+2.	Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3.
+3.	If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
+
+
+
+### The cloud service doesn't see other peers on the network.
+
+If you suspect this is the problem, try these steps:
+
+1.	Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads.
+2.	Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices.
+3.	Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero.
+4.	If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address.
+
+
+### Clients aren't able to connect to peers offered by the cloud service
+
+If you suspect this is the problem, try a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps:
+
+1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt.
+2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.
+
 
 
 
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index be96b68e59..19a38e1f89 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -85,13 +85,13 @@ Starting with Windows 10, version 1709, the Windows Update for Business settings
 | Manage Windows Insider Preview builds | System/AllowBuildPreview | Update/ManagePreviewBuilds |
 | Manage when updates are received | Select when Feature Updates are received |	Select when Preview Builds and Feature Updates are received (Update/BranchReadinessLevel) |
 
-## Managing Windows Update for Business with Software Center Configuration Manager
+## Managing Windows Update for Business with System Center Configuration Manager
 
-Starting with Windows 10, version 1709, you can assign a collection of devices to have dual scan enabled and manage that collection with Windows Update for Business policies. Starting with Windows 10, version 1809, you can set a collection of devices to receive the Windows Insider Preview Feature Updates from Windows Update from within Software Center Configuration Manager.
+Starting with Windows 10, version 1709, you can assign a collection of devices to have dual scan enabled and manage that collection with Windows Update for Business policies. Starting with Windows 10, version 1809, you can set a collection of devices to receive the Windows Insider Preview Feature Updates from Windows Update from within System Center Configuration Manager.
 
 | Action | Windows 10 versions between 1709 and 1809 | Windows 10 versions after 1809 |
 | --- | --- | --- |
-| Manage Windows Update for Business in Configuration Manager | Manage Feature or Quality Updates with Windows Update for Business via Dual Scan | Manage Insider pre-release builds with Windows Update for Business within Software Center Configuration Manager |
+| Manage Windows Update for Business in Configuration Manager | Manage Feature or Quality Updates with Windows Update for Business via Dual Scan | Manage Insider pre-release builds with Windows Update for Business within System Center Configuration Manager |
 
 ## Managing Windows Update for Business with Windows Settings options
 Windows Settings includes options to control certain Windows Update for Business features:
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index 9ef541fce2..af88e40987 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -69,8 +69,8 @@ Click the following Microsoft Mechanics video for an overview of the updated rel
  
 ## Learn more
 
-[Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft)
-
+- [Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft)
+- [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet)
 
 ## Related topics
 
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 13c1dce96d..ee8f3c4fde 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -42,6 +42,9 @@ When **Configure Automatic Updates** is enabled in Group Policy, you can enable
 - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours.
 - **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
 
+> [!NOTE]
+> When using Remote Desktop Protocol connections, only active RDP sessions are considered as logged on users. Devices that do not have locally logged on users, or active RDP sessions, will be restarted. 
+
 You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting.
 
 For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
@@ -159,8 +162,9 @@ In the Group Policy editor, you will see a number of policy settings that pertai
 
 >[!NOTE]
 >You can only choose one path for restart behavior.
->
 >If you set conflicting restart policies, the actual restart behavior may not be what you expected.
+>When using RDP, only active RDP sessions are considered as logged on users.
+
 
 ## Registry keys used to manage restart
 The following tables list registry values that correspond to the Group Policy settings for controlling restarts after updates in Windows 10.
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index ea9214c57b..9942044960 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -86,7 +86,7 @@ If you have devices that appear in other solutions, but not Device Health (the D
 3. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551).
 4. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set).
 5. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information.
-6. Remove the Device Health (appears as DeviceHealthProd on some pages) from your Log Analytics workspace
+6. Add the Device Health solution back to your Log Analytics workspace.
 7. Wait 48 hours for activity to appear in the reports.
 8. If you need additional troubleshooting, contact Microsoft Support.
 
diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md
index 9753f76d40..b7b51ae981 100644
--- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md
+++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md
@@ -12,16 +12,7 @@ ms.collection: M365-analytics
 
 # Upgrade Readiness data sharing
 
-To enable data sharing with the Upgrade Readiness solution, the following endpoints must be accessible:
-
-
-| **Endpoint**  | **Function**  |
-|---------------------------------------------------------|-----------|
-| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive`                                                                                                      | Connected User Experiences and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.             |
-| `https://settings.data.microsoft.com/qos`                                                                                                                                  | Enables the compatibility update KB to send data to Microsoft.                                                                       |
-| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`                                         | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
-
-Whitelist these endpoints on your network. This might require working with your organizations's network security group.
+To enable data sharing with the Upgrade Readiness solution, double-check the endpoints list in [Enrolling devices in Windows Analytics](../update/windows-analytics-get-started.md#enable-data-sharing) to be sure they are whitelisted.
 
 ## Connectivity to the Internet
 
@@ -38,10 +29,10 @@ In order to use the direct connection scenario, set the parameter **ClientProxy=
 This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication.
 
 In order to set the WinHTTP proxy system-wide on your computers, you need to
-•Use the command netsh winhttp set proxy \<server\>:\<port\>
-•Set ClientProxy=System in runconfig.bat
+- Use the command netsh winhttp set proxy \<server\>:\<port\>
+- Set ClientProxy=System in runconfig.bat
 
-The WinHTTP scenario is most appropriate for customers who use a single proxy or f. If you have more advanced proxy requirements, refer to Scenario 3.
+The WinHTTP scenario is most appropriate for customers who use a single proxy. If you have more advanced proxy requirements, refer to Scenario 3.
 
 If you want to learn more about proxy considerations on Windows, see [Understanding Web Proxy Configuration](https://blogs.msdn.microsoft.com/ieinternals/2013/10/11/understanding-web-proxy-configuration/).
 
diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
index 5b149323f8..e3ad02a8ae 100644
--- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
+++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md
@@ -12,6 +12,9 @@ ms.topic: article
 
 # Use Upgrade Readiness to manage Windows upgrades
 
+>[!IMPORTANT]
+>>**The OMS portal has been deprecated, so you need to switch to the [Azure portal](https://portal.azure.com) now.** The two portals offer the same experience, with some key differences. Learn how to use [Windows Analytics in the Azure Portal](../update/windows-analytics-azure-portal.md). Find out more about the [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition), or jump right in and [Get started with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-get-started).
+
 You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues.
 
 - Based on diagnostic data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness.
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index 1b021674ca..3b2cb8c678 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -12,21 +12,24 @@ ms.localizationpriority: medium
 ms.topic: article
 ---
 
-# Windows error reporting
+# Windows Error Reporting
 
 **Applies to**
 -   Windows 10
 
 >[!NOTE]
->This is a 300 level topic (moderately advanced).<br>
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
+> This is a 300 level topic (moderately advanced).  
+> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
 
 
 When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**.  You can use Event Viewer to review this event, or you can use Windows PowerShell.
 
 To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
 
-```
+>[!IMPORTANT]
+>}The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable.
+
+```Powershell
 $events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
 $event = [xml]$events[0].ToXml()
 $event.Event.EventData.Data
@@ -40,19 +43,20 @@ To use Event Viewer:
 Note: For legacy operating systems, the Event Name was WinSetupDiag01. 
 
 Ten parameters are listed in the event:
-<br>
-<table border="0">
-<tr><td>P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool)</td></tr>
-<tr><td>P2: Setup Mode (x=default,1=Downlevel,5=Rollback)</td></tr>
-<tr><td>P3: New OS Architecture (x=default,0=X86,9=AMD64)</td></tr>
-<tr><td>P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked)</td></tr>
-<tr><td><b>P5: Result Error Code</b>  (Ex: 0xc1900101)</td></tr>
-<tr><td><b>P6: Extend Error Code</b>  (Ex: 0x20017)</td></tr>
-<tr><td>P7: Source OS build (Ex: 9600)</td></tr>
-<tr><td>P8: Source OS branch (not typically available)</td></tr>
-<tr><td>P9: New OS build (Ex: 16299}</td></tr>
-<tr><td>P10: New OS branch (Ex: rs3_release}</td></tr>
-</table>
+
+| Parameters  | 
+| ------------- | 
+|P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool)   | 
+|P2: Setup Mode (x=default,1=Downlevel,5=Rollback)   | 
+|P3: New OS Architecture (x=default,0=X86,9=AMD64)   | 
+|P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked)   | 
+|**P5: Result Error Code**  (Ex: 0xc1900101)   | 
+|**P6: Extend Error Code**  (Ex: 0x20017)   | 
+|P7: Source OS build (Ex: 9600)   | 
+|P8: Source OS branch (not typically available)   | 
+|P9: New OS build (Ex: 16299}   | 
+|P10: New OS branch (Ex: rs3_release}   | 
+
 
 The event will also contain links to log files that can be used to perform a detailed diagnosis of the error.  An example of this event from a successful upgrade is shown below.
 
@@ -60,8 +64,8 @@ The event will also contain links to log files that can be used to perform a det
 
 ## Related topics
 
-[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
-<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-<br>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
-<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)  
+[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)  
+[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)  
+[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)  
+[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)  
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index d5eff8daa4..b2bade848b 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -28,6 +28,9 @@ Windows Easy Transfer is a software wizard for transferring files and settings
 
 With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you cannot use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store.
 
+> [!NOTE]
+> Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10).
+
 ### Migrate with the User State Migration Tool
 You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they are migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded.
 
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md
index 3090160049..15e9ea1b2d 100644
--- a/windows/deployment/usmt/usmt-scanstate-syntax.md
+++ b/windows/deployment/usmt/usmt-scanstate-syntax.md
@@ -455,9 +455,9 @@ By default, all users are migrated. The only way to specify which users to inclu
 <p>USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /<strong>ue</strong> or /<strong>uel</strong> options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /<strong>all</strong> option, you cannot also use the /<strong>ui</strong>, /<strong>ue</strong> or /<strong>uel</strong> options.</p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>/<strong>ui</strong>:<em>&lt;DomainName&gt;</em>\<em>&lt;UserName&gt;</em></p>
+<td align="left"><p>/<strong>ui</strong>:<em>&lt;DomainName&gt;</em>&#92;<em>&lt;UserName&gt;</em></p>
 <p>or</p>
-<p>/<strong>ui</strong>:<em>&lt;ComputerName&gt;</em>\<em>&lt;LocalUserName&gt;</em></p></td>
+<p>/<strong>ui</strong>:<em>&lt;ComputerName&gt;</em>&#92;<em>&lt;LocalUserName&gt;</em></p></td>
 <td align="left"><p><strong>(User include)</strong></p>
 <p>Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /<strong>ue</strong> or /<strong>uel</strong> options. You can specify multiple /<strong>ui</strong> options, but you cannot use the /<strong>ui</strong> option with the /<strong>all</strong> option. <em>DomainName</em> and <em>UserName</em> can contain the asterisk (*) wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.</p>
 <div class="alert">
@@ -469,10 +469,10 @@ By default, all users are migrated. The only way to specify which users to inclu
 </div>
 <p>For example:</p>
 <ul>
-<li><p>To include only User2 from the Fabrikam domain, type:</p>
-<p><code>/ue:*\* /ui:fabrikam\user2</code></p></li>
-<li><p>To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:</p>
-<p><code>/uel:30 /ui:fabrikam\*</code></p>
+<p>To include only User2 from the Fabrikam domain, type:</p>
+<p><code>/ue:&#42;&#92;&#42; /ui:fabrikam\user2</code></p>
+<p>To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:</p>
+<p><code>/uel:30 /ui:fabrikam&#92;&#42;</code></p>
 <p>In this example, a user account from the Contoso domain that was last modified 2 months ago will not be migrated.</p></li>
 </ul>
 <p>For more examples, see the descriptions of the /<strong>ue</strong> and /<strong>ui</strong> options in this table.</p></td>
@@ -500,17 +500,17 @@ By default, all users are migrated. The only way to specify which users to inclu
 <li><p><strong>/uel:2002/1/15</strong> migrates users who have logged on or been modified January 15, 2002 or afterwards.</p></li>
 </ul>
 <p>For example:</p>
-<p><code>scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0</code></p></td>
+<p><code>scanstate /i:migapp.xml /i:migdocs.xml &#92;&#92;server\share\migration\mystore /uel:0</code></p></td>
 </tr>
 <tr class="even">
-<td align="left"><p>/<strong>ue</strong>:<em>&lt;DomainName&gt;</em>\<em>&lt;UserName&gt;</em></p>
+<td align="left"><p>/<strong>ue</strong>:<em>&lt;DomainName&gt;</em>&#92;<em>&lt;UserName&gt;</em></p>
 <p>-or-</p>
 <p></p>
-<p>/<strong>ue</strong>:<em>&lt;ComputerName&gt;</em>\<em>&lt;LocalUserName&gt;</em></p></td>
+<p>/<strong>ue</strong>:<em>&lt;ComputerName&gt;</em>&#92;<em>&lt;LocalUserName&gt;</em></p></td>
 <td align="left"><p><strong>(User exclude)</strong></p>
 <p>Excludes the specified users from the migration. You can specify multiple /<strong>ue</strong> options. You cannot use this option with the /<strong>all</strong> option. <em>&lt;DomainName&gt;</em> and <em>&lt;UserName&gt;</em> can contain the asterisk (*) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.</p>
 <p>For example:</p>
-<p><code>scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1</code></p></td>
+<p><code>scanstate /i:migdocs.xml /i:migapp.xml &#92;&#92;server\share\migration\mystore /ue:contoso\user1</code></p></td>
 </tr>
 </tbody>
 </table>
@@ -548,15 +548,15 @@ The following examples apply to both the /**ui** and /**ue** options. You can re
 </tr>
 <tr class="even">
 <td align="left"><p>Exclude all domain users.</p></td>
-<td align="left"><p><code>/ue:Domain\*</code></p></td>
+<td align="left"><p><code>/ue:Domain&#92;&#42;</code></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Exclude all local users.</p></td>
-<td align="left"><p><code>/ue:%computername%\*</code></p></td>
+<td align="left"><p><code>/ue:%computername%&#92;&#42;</code></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Exclude users in all domains named User1, User2, and so on.</p></td>
-<td align="left"><p><code>/ue:*\user*</code></p></td>
+<td align="left"><p><code>/ue:&#42;&#92;user&#42;</code></p></td>
 </tr>
 </tbody>
 </table>
@@ -586,23 +586,23 @@ The /**uel** option takes precedence over the /**ue** option. If a user has logg
 <tbody>
 <tr class="odd">
 <td align="left"><p>Include only User2 from the Fabrikam domain and exclude all other users.</p></td>
-<td align="left"><p><code>/ue:*\* /ui:fabrikam\user2</code></p></td>
+<td align="left"><p><code>/ue:&#42;&#92;&#42; /ui:fabrikam\user2</code></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Include only the local user named User1 and exclude all other users.</p></td>
-<td align="left"><p><code>/ue:*\* /ui:user1</code></p></td>
+<td align="left"><p><code>/ue:&#42;&#92;&#42; /ui:user1</code></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Include only the domain users from Contoso, except Contoso\User1.</p></td>
 <td align="left"><p>This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:</p>
 <ul>
-<li><p>On the <strong>ScanState</strong> command line, type: <code>/ue:*\* /ui:contoso\*</code></p></li>
+<li><p>On the <strong>ScanState</strong> command line, type: <code>/ue:&#42;&#92;&#42; /ui:contoso&#92;&#42;</code></p></li>
 <li><p>On the <strong>LoadState</strong> command line, type: <code>/ue:contoso\user1</code></p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Include only local (non-domain) users.</p></td>
-<td align="left"><p><code>/ue:*\* /ui:%computername%\*</code></p></td>
+<td align="left"><p><code>/ue:&#42;&#92;&#42; /ui:%computername%&#92;&#42;</code></p></td>
 </tr>
 </tbody>
 </table>
diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
index 03e0029f83..ddbabe01f8 100644
--- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
+++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
@@ -20,6 +20,7 @@ ms.topic: article
 -   Windows 8
 -   Windows Server 2012 R2
 -   Windows Server 2012
+-   Windows Server 2016
 
 **Looking for retail activation?**
 -   [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
index dd8545387c..2fea892b96 100644
--- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
+++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
@@ -133,11 +133,9 @@ If you have already established a KMS infrastructure in your organization for an
 1.  Download and install the correct update for your current KMS host operating system. Restart the computer as directed.
 2.  Request a new KMS host key from the Volume Licensing Service Center.
 3.  Install the new KMS host key on your KMS host.
-4.  Activate the new KMS host key by running the slmrg.vbs script.
+4.  Activate the new KMS host key by running the slmgr.vbs script.
 
 For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590).
 
 ## See also
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
- 
-
diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
index d2e6471454..fd2778c09b 100644
--- a/windows/deployment/windows-autopilot/enrollment-status.md
+++ b/windows/deployment/windows-autopilot/enrollment-status.md
@@ -20,6 +20,8 @@ ms.topic: article
 The Windows Autopilot Enrollment Status page displaying the status of the complete device configuration process.  Incorporating feedback from customers, this provides information to the user to show that the device is being set up and can be configured to prevent access to the desktop until the configuration is complete. 
  
  ![Enrollment status page](images/enrollment-status-page.png)
+ 
+From Windows 10 version 1803 onwards, you can opt out of the account setup phase. If it is skipped, settings will be applied for users when they access their desktop for the first time. 
 
 ## Available settings
 
diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md
index d69c5869ba..c75f3e2df4 100644
--- a/windows/deployment/windows-autopilot/user-driven-hybrid.md
+++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md
@@ -29,7 +29,8 @@ To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
     - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile.
 - If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group.
 - The device must be running Windows 10, version 1809 or later.
-- The device must be connected to the Internet and have access to an Active Directory domain controller.
+- The device must be able to access an Active Directory domain controller, so it must be connected to the organization's network (where it can resolve the DNS records for the AD domain and the AD domain controller, and communicate with the domain controller to authenticate the user).
+- The device must be able to access the Internet, following the [documented Windows Autopilot network requirements](windows-autopilot-requirements-network.md).
 - The Intune Connector for Active Directory must be installed.
     - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf. 
 - If using Proxy, WPAD Proxy settings option must be enabled and configured.
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
index ac25a597f7..9c3466b10e 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
@@ -19,12 +19,14 @@ ms.topic: article
 
 **Applies to: Windows 10, version 1709 and above
 
+The Intune Service Administrator role is required to perform this task.  Learn more about how to [Assign Azure Active Directory roles](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).
+
 IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
 
 To enable local Autopilot Reset in Windows 10:
 
-1. [Enable the policy for the feature](#enable-autopilot-reset)
-2. [Trigger a reset for each device](#trigger-autopilot-reset)
+1. [Enable the policy for the feature](#enable-local-windows-autopilot-reset)
+2. [Trigger a reset for each device](#trigger-local-windows-autopilot-reset)
 
 ## Enable local Windows Autopilot Reset
 
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
index 78eca0eb39..ffcb775726 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md
@@ -28,7 +28,7 @@ The Windows Autopilot Reset process automatically retains information from the e
 -   Provisioning packages previously applied to the device, as well as a provisioning package present on a USB drive when the reset process is initiated. 
 -   Azure Active Directory device membership and MDM enrollment information.
 
-Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages.  For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.  This requires configuring the device to use the [enrollment status page](enrollment-status.md).
+Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages.  For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.  
 
 >[!IMPORTANT] 
 >To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. 
diff --git a/windows/hub/windows-10-landing.yml b/windows/hub/windows-10-landing.yml
deleted file mode 100644
index 9932c85367..0000000000
--- a/windows/hub/windows-10-landing.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10
-metadata:
-  document_id: 
-  title: Windows 10
-  description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. 
-  keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
-  ms.localizationpriority: medium
-  author: lizap
-  ms.author: elizapo
-  manager: dougkim
-  ms.topic: article
-  ms.devlang: na
-
-sections:
-- items:
-  - type: markdown
-    text: "
-      Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. 
-      "  
-- title: Explore
-- items:
-  - type: markdown
-    text: "
-      Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.<br> 
-      <table><tr><td><img src='images/explore1.png' width='192' height='192'><br>**Download a free 90-day evaluation**<br>Try the latest features. Test your apps, hardware, and deployment strategies.<br><a href='https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise'>Start evaluation</a></td><td><img src='images/explore2.png' width='192' height='192'><br>**Get started with virtual labs**<br>Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.<br><a href='https://www.microsoft.com/en-us/itpro/windows-10/virtual-labs'>See Windows 10 labs</a></td><td><img src='images/explore3.png' width='192' height='192'><br>**Conduct a proof of concept**<br>Download a lab environment with MDT, Configuration Manager, Windows 10, and more.<br><a href='https://go.microsoft.com/fwlink/p/?linkid=861441'>Get deployment kit</a></td></tr>
-      </table>
-      "
-- title: What's new
-- items:
-  - type: markdown
-    text: "
-      Learn about the latest releases and servicing options.<br> 
-      <table><tr><td><img src='images/land-new.png' width='384' height='384'></td><td><a href='https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809'>What's new in Windows 10, version 1809</a><br><a href='https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803'>What's new in Windows 10, version 1803</a><br><a href='https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709'>What's new in Windows 10, version 1709</a><br><a href='https://docs.microsoft.com/windows/windows-10/release-information'>Windows 10 release information</a><br><a href='https://support.microsoft.com/help/12387/windows-10-update-history'>Windows 10 update history</a><br><a href='https://go.microsoft.com/fwlink/p/?linkid=861443'>Windows 10 roadmap</a></td></tr>
-      </table>
-      "
-- title: Frequently asked questions
-- items:
-  - type: markdown
-    text: "
-      Get answers to commom questions, or get help with a specific problem.<br> 
-      <table><tr><td><a href='https://docs.microsoft.com/windows/deployment/planning/windows-10-enterprise-faq-itpro'>Windows 10 FAQ for IT Pros</a><br><a href='https://go.microsoft.com/fwlink/p/?linkid=861444'>Windows 10 forums</a><br><a href='https://techcommunity.microsoft.com/t5/Windows-10/bd-p/Windows10space'>Windows 10 TechCommunity</a><br><a href='https://go.microsoft.com/fwlink/p/?linkid=861445'>Which edition is right for your organization?</a><br><a href='https://docs.microsoft.com/windows/deployment/planning/windows-10-infrastructure-requirements'>Infrastructure requirements</a><br><a href='https://www.microsoft.com/itpro/windows-10/windows-as-a-service'>What's Windows as a service?</a><br><a href='https://docs.microsoft.com/en-us/windows/client-management/windows-10-mobile-and-mdm'>Windows 10 Mobile deployment and management guide</a></td><td><img src='images/faq.png' width='384' height='384'></td></tr>
-      </table>
-      "
-- title: Plan
-- items:
-  - type: markdown
-    text: "
-      Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options. <br> 
-      <table><tr><td><img src='images/plan1.png' width='192' height='192'><br>**Application compatibility**<br>Get best practices and tools to help you address compatibility issues prior to deployment.<br><a href='https://www.readyforwindows.com/'>Find apps that are ready for Windows 10.</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness'>Identify and prioritize apps with Upgrade Readiness</a><br><a href='https://technet.microsoft.com/microsoft-edge/mt612809.aspx'>Test, validate, and implement with the Web Application Compatibility Lab Kit</a></td><td><img src='images/plan2.png' width='192' height='192'><br>**Upgrade options**<br>Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.<br><a href='https://docs.microsoft.com/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades'>Manage Windows upgrades with Upgrade Readiness</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths'>Windows 10 upgrade paths</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/windows-10-edition-upgrades'>Windows 10 edition upgrades</a></td><td><img src='images/plan3.png' width='192' height='192'><br>**Windows as a service**<br>Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.<br><a href='https://docs.microsoft.com/windows/deployment/update/windows-as-a-service'>Explore</a></td></tr>
-      </table>
-      "
-- title: Deploy
-- items:
-  - type: markdown
-    text: "
-      Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.<br> 
-      <table><tr><td><img src='images/deploy1.png' width='192' height='192'><br>**In-place upgrade**<br>The simplest way to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.<br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager'>Upgrade to Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit'>Upgrade to Windows 10 with MDT</a></td><td><img src='images/deploy2.png' width='192' height='192'><br>**Traditional deployment**<br>Some organizations may still need to opt for an image-based deployment of Windows 10.<br><a href='https://docs.microsoft.com/en-us/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems'>Deploy Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit'>Deploy Windows 10 with MDT</a></td></tr><tr><td><img src='images/deploy3.png' width='192' height='192'><br>**Dynamic provisioning**<br>With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.<br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages'>Provisioning packages for Windows 10</a><br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package'>Build and apply a provisioning package</a><br><a href='https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd'>Customize Windows 10 start and the taskbar</a></td><td><img src='images/deploy4.png' width='192' height='192'><br>**Other deployment scenarios**<br>Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.<br><a href='https://docs.microsoft.com/education/windows/'>Windows deployment for education environments</a><br><a href='https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc'>Set up a shared or guest PC with Windows 10</a><br><a href='https://docs.microsoft.com/windows/application-management/sideload-apps-in-windows-10'>Sideload apps in Windows 10</a></td></tr>
-      </table>
-      "
-- title: Management and security
-- items:
-  - type: markdown
-    text: "
-      Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.<br> 
-      <table><tr><td><img src='images/manage1.png' width='288' height='288'><br>**Manage Windows 10 updates**<br>Get best practices and tools to help you manage clients and apps.<br><a href='https://docs.microsoft.com/en-us/windows/client-management/'>Manage clients in Windows 10</a><br><a href='https://docs.microsoft.com/en-us/windows/application-management/'>Manage apps and features in Windows 10</a></td><td><img src='images/manage2.png' width='288' height='288'><br>**Security**<br>Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.<br><a href='https://docs.microsoft.com/windows/security/index'>Windows 10 enterprise security</a><br><a href='https://docs.microsoft.com/windows/security/threat-protection'>Threat protection</a><br><a href='https://docs.microsoft.com/windows/access-protection'>Identity protection</a><br><a href='https://docs.microsoft.com/windows/security/information-protection'>Information protection</a></td></tr>
-      </table>
-      "
-- title: Stay informed
-- items:
-  - type: markdown
-    text: "
-      <table><tr><td><img src='images/insider.png' width='192' height='192'><br>**Sign up for the Windows IT Pro Insider**<br>Find out about new resources and get expert tips and tricks on deployment, management, security, and more.<br><a href='https://aka.ms/windows-it-pro-insider'>Learn more</a></td><td><img src='images/twitter.png' width='192' height='192'><br>**Follow us on Twitter**<br>Keep up with the latest desktop and device trends, Windows news, and events for IT pros.<br><a href='https://twitter.com/MSWindowsITPro'>Visit Twitter</a></td><td><img src='images/wip4biz.png' width='192' height='192'><br>**Join the Windows Insider Program for Business**<br>Get early access to new builds and provide feedback on the latest features and functionalities.<br><a href='https://insider.windows.com/ForBusiness'>Get started</a></td></tr>
-      </table>
-      "
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 0cbf266f2a..11f72817b6 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1,4 +1,4 @@
----
+--- 
 title: Manage connections from Windows operating system components to Microsoft services (Windows 10)
 description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
 ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
@@ -133,7 +133,7 @@ The following table lists management options for each setting, beginning with Wi
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | |
-| &nbsp;&nbsp;&nbsp;&nbsp;[18.6 Speech, inking, & typing](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
@@ -148,6 +148,7 @@ The following table lists management options for each setting, beginning with Wi
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | |  ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) |  |  | |
 | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
@@ -155,12 +156,11 @@ The following table lists management options for each setting, beginning with Wi
 | [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
 | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [25. Windows Media Player](#bkmk-wmp) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) |
-| [26. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [27. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
-| &nbsp;&nbsp;&nbsp;&nbsp;[27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
-| [28. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [29. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
+| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
 
 
 ### Settings for Windows Server 2016 with Desktop Experience
@@ -185,17 +185,16 @@ See the following table for a summary of the management settings for Windows Ser
 | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [20. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [25. Windows Media Player](#bkmk-wmp) | | | | ![Check mark](images/checkmark.png) |
-| [27. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| &nbsp;&nbsp;&nbsp;&nbsp;[27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
-| [29. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
+| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 
 ### Settings for Windows Server 2016 Server Core
 
 See the following table for a summary of the management settings for Windows Server 2016 Server Core.
 
 | Setting | Group Policy | Registry | Command line |
-| - | :-: | :-: | :-: | :-: | :-: |
+| - | :-: | :-: | :-: |
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
@@ -203,18 +202,18 @@ See the following table for a summary of the management settings for Windows Ser
 | [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | | |
 | [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) |
 | [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [29. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 
 ### Settings for Windows Server 2016 Nano Server
 
 See the following table for a summary of the management settings for Windows Server 2016 Nano Server.
 
 | Setting | Registry | Command line |
-| - | :-: | :-: | :-: | :-: | :-: |
+| - | :-: | :-: | 
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | |
 | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | |
 | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) |
-| [29. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | |
+| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | |
 
 ### Settings for Windows Server 2019
 
@@ -244,7 +243,7 @@ See the following table for a summary of the management settings for Windows Ser
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | |
-| &nbsp;&nbsp;&nbsp;&nbsp;[18.6 Speech, inking, & typing](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
@@ -259,6 +258,7 @@ See the following table for a summary of the management settings for Windows Ser
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[18.21 Inking & Typing](#bkmk-priv-ink) | | |  ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) |  |  | |
 | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
@@ -266,12 +266,11 @@ See the following table for a summary of the management settings for Windows Ser
 | [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
 | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | &nbsp;&nbsp;&nbsp;&nbsp;[24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [25. Windows Media Player](#bkmk-wmp) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) |
-| [26. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [27. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
-| &nbsp;&nbsp;&nbsp;&nbsp;[27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
-| [28. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-| [29. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
+| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
+| &nbsp;&nbsp;&nbsp;&nbsp;[26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
+| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
+| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
 
 ## How to configure each setting
 
@@ -299,7 +298,7 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
 
   -or-
 
-- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
+- Create the registry path **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot** and then add a REG_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
 
   -and-
 
@@ -311,7 +310,7 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
 
 On Windows Server 2016 Nano Server:
 
-- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
+- Create the registry path **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot** and then add a REG_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
 
 >[!NOTE]
 >CRL and OCSP network traffic is currently whitelisted and will still show up in network traces.  CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
@@ -326,26 +325,26 @@ Find the Cortana Group Policy objects under **Computer Configuration** &gt; **Ad
 
 | Policy                                               | Description                                                                           |
 |------------------------------------------------------|---------------------------------------------------------------------------------------|
-| Allow Cortana                                        | Choose whether to let Cortana install and run on the device.<br/><br/>Disable this policy to turn off Cortana. |
-| Allow search and Cortana to use location             | Choose whether Cortana and Search can provide location-aware search results.<br/><br/>Disable this policy to block access to location information for Cortana. |
-| Do not allow web search                              | Choose whether to search the web from Windows Desktop Search.<br/><br/>Enable this policy to remove the option to search the Internet from Cortana. |
-| Don't search the web or display web results in Search| Choose whether to search the web from Cortana.<br/><br/>Enable this policy to stop web queries and results from showing in Search. |
-| Set what information is shared in Search             | Control what information is shared with Bing in Search.<br/><br/>If you enable this policy and set it to **Anonymous info**, usage information will be shared but not search history, Microsoft Account information, or specific location. |
+| Allow Cortana                                        | Choose whether to let Cortana install and run on the device.<br/><br/>**Disable** this policy to turn off Cortana. |
+| Allow search and Cortana to use location             | Choose whether Cortana and Search can provide location-aware search results.<br/><br/>**Disable** this policy to block access to location information for Cortana. |
+| Do not allow web search                              | Choose whether to search the web from Windows Desktop Search.<br/><br/>**Enable** this policy to remove the option to search the Internet from Cortana. |
+| Don't search the web or display web results in Search| Choose whether to search the web from Cortana.<br/><br/>**Enable** this policy to stop web queries and results from showing in Search. |
+| Set what information is shared in Search             | Control what information is shared with Bing in Search.<br/><br/>If you **enable** this policy and set it to **Anonymous info**, usage information will be shared but not search history, Microsoft Account information, or specific location. |
 
 You can also apply the Group Policies using the following registry keys:
 
 | Policy                                               | Registry Path                                                                           |
 |------------------------------------------------------|---------------------------------------------------------------------------------------|
-| Allow Cortana                                        | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: AllowCortana <br/>Value: 0|
-| Allow search and Cortana to use location             | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: AllowSearchToUseLocation <br/>Value: 0 |
-| Do not allow web search                              | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: DisableWebSearch <br/>Value: 1 |
-| Don't search the web or display web results in Search| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchUseWeb <br/>Value: 0 |
-| Set what information is shared in Search             | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchPrivacy <br/>Value: 3 |
+| Allow Cortana                                        | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: AllowCortana <br/>Value: 0|
+| Allow search and Cortana to use location             | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: AllowSearchToUseLocation <br/>Value: 0 |
+| Do not allow web search                              | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: DisableWebSearch <br/>Value: 1 |
+| Don't search the web or display web results in Search| HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchUseWeb <br/>Value: 0 |
+| Set what information is shared in Search             | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchPrivacy <br/>Value: 3 |
 
 >[!IMPORTANT]
->These steps are not required for devices running Windows 10, version 1607 or Windows Server 2016.
+> Using the Group Policy editor these steps are required for all supported versions of Windows 10, however they are not required for devices running Windows 10, version 1607 or Windows Server 2016.
 
-1.  Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Firewall with Advanced Security** &gt; **Windows Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
+1.  Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Defender Firewall with Advanced Security** &gt; **Windows Defender Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
 
 2.  Right-click **Outbound Rules**, and then click **New Rule**. The **New Outbound Rule Wizard** starts.
 
@@ -363,12 +362,15 @@ You can also apply the Group Policies using the following registry keys:
 
 9.  Configure the **Protocols and Ports** page with the following info, and then click **OK**.
 
-  - For **Protocol type**, choose **TCP**.
+    - For **Protocol type**, choose **TCP**.
 
-  - For **Local port**, choose **All Ports**.
+    - For **Local port**, choose **All Ports**.
 
-  - For **Remote port**, choose **All ports**.
+    - For **Remote port**, choose **All ports**.
 
+-or-
+
+-  Create a new REG_SZ registry setting named **{0DE40C8E-C126-4A27-9371-A27DAB1039F7}** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\FirewallRules** and set it to a value of **v2.25|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=%windir%\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\searchUI.exe|Name=Block outbound Cortana|**
 
 If your organization tests network traffic, do not use a network proxy as Windows Firewall does not block proxy traffic. Instead, use a network traffic analyzer. Based on your needs, there are many network traffic analyzers available at no cost.
 
@@ -389,29 +391,26 @@ You can prevent Windows from setting the time automatically.
 
   -or-
 
-- Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\Type** with a value of **NoSync**.
+- Create a REG_SZ registry setting in **HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\Type** with a value of **NoSync**.
 
 After that, configure the following:
 
-- Disable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Enable Windows NTP Server** &gt; **Windows Time Service** &gt; **Configure Windows NTP Client**
+- **Disable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Windows Time Service** &gt; **Time Providers** &gt; **Enable Windows NTP Client**
 
-    > [!NOTE]
-    > This is only available on Windows 10, version 1703 and later. If you're using Windows 10, version 1607, the Group Policy setting is **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Windows Time Service** &gt; **Time Providers** &gt; **Enable Windows NTP Client**
+  -or-
 
-  -or -
-
--  Create a new REG\_DWORD registry setting named **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient** and set it to 0 (zero).
+-  Create a new REG_DWORD registry setting named **Enabled** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient** and set it to **0 (zero)**.
 
 
 ### <a href="" id="bkmk-devinst"></a>4. Device metadata retrieval
 
 To prevent Windows from retrieving device metadata from the Internet:
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Device Installation** &gt; **Prevent device metadata retrieval from the Internet**.
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Device Installation** &gt; **Prevent device metadata retrieval from the Internet**.
 
   -or -
 
-- Create a new REG\_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one).
+- Create a new REG_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one).
 
   -or -
 
@@ -421,13 +420,15 @@ To prevent Windows from retrieving device metadata from the Internet:
 
 To turn off Find My Device:
 
-- Turn off the feature in the UI
+- Turn **Off** the feature in the UI by going to **Settings -> Update & Security -> Find My Device**, click the Change button, and set the value to **Off**
 
   -or-
 
-- Disable the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
 
-You can also create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FindMyDevice\\AllowFindMyDevice** to 0 (zero).
+  -or-
+
+- You can also create a new REG_DWORD registry setting **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FindMyDevice\\AllowFindMyDevice** to **0 (zero)**.
 
 ### <a href="" id="font-streaming"></a>6. Font streaming
 
@@ -435,15 +436,19 @@ Fonts that are included in Windows but that are not stored on the local device c
 
 If you're running Windows 10, version 1607, Windows Server 2016, or later:
 
-- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **Fonts** > **Enable Font Providers**.
+- **Disable** the Group Policy: **Computer Configuration** >   **Administrative Templates** > **Network** > **Fonts** > **Enable Font Providers**.
 
-- Create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\System\\EnableFontProviders** to 0 (zero).
+  -or-
+
+- Create a new REG_DWORD registry setting **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\EnableFontProviders** to **0 (zero)**.
+
+  -or-
 
 - In Windows 10, version 1703, you can apply the System/AllowFontProviders MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
 
-  - **false**. Font streaming is disabled.
+  - **False**. Font streaming is Disabled.
 
-  - **true**. Font streaming is enabled.
+  - **True**. Font streaming is Enabled.
 
 > [!NOTE]
 > After you apply this policy, you must restart the device for it to take effect.
@@ -451,8 +456,7 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later:
 
 ### <a href="" id="bkmk-previewbuilds"></a>7. Insider Preview builds
 
-The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10.
-This setting stops communication with the Windows Insider Preview service that checks for new builds.
+The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. This setting stops communication with the Windows Insider Preview service that checks for new builds.
 Windows Insider Preview builds only apply to Windows 10 and are not available for Windows Server 2016.
 
 
@@ -461,7 +465,7 @@ Windows Insider Preview builds only apply to Windows 10 and are not available fo
 
 To turn off Insider Preview builds for a released version of Windows 10:
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Toggle user control over Insider builds**.
+- **Disable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Toggle user control over Insider builds**.
 
 To turn off Insider Preview builds for Windows 10:
 
@@ -472,11 +476,11 @@ To turn off Insider Preview builds for Windows 10:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Toggle user control over Insider builds**.
+- **Enable** the Group Policy **Toggle user control over Insider builds** under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds**
 
-  -or -
+  -or-
 
--  Create a new REG\_DWORD registry setting named **AllowBuildPreview** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a vlue of 0 (zero)
+- Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)**
 
   -or-
 
@@ -488,63 +492,70 @@ To turn off Insider Preview builds for Windows 10:
 
   - **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
 
-  -or-
-
-- Create a provisioning package: **Runtime settings** &gt; **Policies** &gt; **System** &gt; **AllowBuildPreview**, where:
-
-  - **0**. Users cannot make their devices available for downloading and installing preview software.
-
-  - **1**. Users can make their devices available for downloading and installing preview software.
-
-  - **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
 
 ### <a href="" id="bkmk-ie"></a>8. Internet Explorer
-
-Use Group Policy to manage settings for Internet Explorer.  You can find the Internet Explorer Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Internet Explorer**.
+> [!NOTE]
+> The following Group Policies and Registry Keys are for user interactive scenarios rather then the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: 
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Turn on Suggested Sites| Choose whether an employee can configure Suggested Sites. <br /> Default: Enabled <br /> You can also turn this off in the UI by clearing the **Internet Options** &gt; **Advanced** &gt; **Enable Suggested Sites** check box.|
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the Address Bar. <br /> Default: Enabled|
-| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the Address Bar. <br /> Default: Disabled </br> You can also turn this off in the UI by clearing the <strong>Internet Options</strong> &gt; **Advanced** &gt; **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
-| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer. <br /> Default: Disabled|
-| Prevent managing SmartScreen filter | Choose whether employees can manage the SmartScreen Filter in Internet Explorer. <br /> Default: Disabled |
+| Turn on Suggested Sites| Choose whether an employee can configure Suggested Sites. <br /> **Set Value to: Disabled** <br /> You can also turn this off in the UI by clearing the **Internet Options** &gt; **Advanced** &gt; **Enable Suggested Sites** check box.|
+| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the Address Bar. <br /> **Set Value to: Disabled**|
+| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the Address Bar. <br /> **Set Value to: Enabled** </br> You can also turn this off in the UI by clearing the <strong>Internet Options</strong> &gt; **Advanced** &gt; **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
+| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer. <br /> **Set Value to: Enabled**|
+| Prevent managing SmartScreen filter | Choose whether employees can manage the SmartScreen Filter in Internet Explorer. <br /> **Set Value to: Enabled** and then set **Select SmartScreen filtering mode** to **Off**.|
 
-Alternatively, you could use the registry to set the Group Policies.
 
-| Policy                                               | Registry path                                                                                         |
+| Registry Key                                         | Registry path                                                                                       |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Turn on Suggested Sites| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites<br/>REG_DWORD: Enabled <br />Value: 0|
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer<br/>REG_DWORD: AllowServicePoweredQSA <br />Value: 0|
-| Turn off the auto-complete feature for web addresses | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\AutoComplete<br/>REG_SZ: AutoSuggest<br />Value: **No** |
-| Turn off browser geolocation | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation<br/>REG_DWORD: PolicyDisableGeolocation <br />Value: 1 |
-| Prevent managing SmartScreen filter | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter<br/>REG_DWORD: EnabledV9 <br />Value: 0 |
+| Turn on Suggested Sites| HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites<br/>REG_DWORD: Enabled <br />**Set Value to: 0**|
+| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer<br />REG_DWORD: AllowServicePoweredQSA <br />**Set Value to: 0**|
+| Turn off the auto-complete feature for web addresses |HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\CurrentVersion\\Explorer\\AutoComplete<br/>REG_SZ: AutoSuggest <br />Set Value to: **no** |
+| Turn off browser geolocation | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation<br/>REG_DWORD: PolicyDisableGeolocation <br />**Set Value to: 1** |
+| Prevent managing SmartScreen filter | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter<br/>REG_DWORD: EnabledV9 <br />**Set Value to: 0** |
 
 There are more Group Policy objects that are used by Internet Explorer:
 
 | Path | Policy | Description |
 | - | - | - |
-| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Compatibility View** > **Turn off Compatibility View** | Choose whether employees can configure Compatibility View. | Choose whether an employee can swipe across a screen or click forward to go to the next pre-loaded page of a website. <br /> Default: Disabled |
-| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Internet Control Panel** > **Advanced Page**  | Turn off the flip ahead with page prediction feature | Choose whether an employee can swipe across a screen or click forward to go to the next pre-loaded page of a website. <br /> Default: Enabled |
-| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **RSS Feeds** | Turn off background synchronization for feeds and Web Slices | Choose whether to have background synchronization for feeds and Web Slices. <br /> Default: Enabled |
-| **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Allow Online Tips** | Allow Online Tips | Enables or disables the retrieval of online tips and help for the Settings app. <br /> Set to : Disabled |
+| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Compatibility View** > **Turn off Compatibility View** | Choose whether employees can configure Compatibility View. | Choose whether an employee can fix website display problems that he or she may encounter while browsing. <br /> **Set to: Enabled** |
+| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Internet Control Panel** > **Advanced Page**  | Turn off the flip ahead with page prediction feature | Choose whether an employee can swipe across a screen or click forward to go to the next pre-loaded page of a website. <br /> **Set to: Enabled** |
+| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **RSS Feeds** | Turn off background synchronization for feeds and Web Slices | Choose whether to have background synchronization for feeds and Web Slices. <br /> **Set to: Enabled** |
+| **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Allow Online Tips** | Allow Online Tips | Enables or disables the retrieval of online tips and help for the Settings app. <br /> **Set to: Disabled** |
 
-You can also use registry entries to set these Group Policies.
+You can also use Registry keys to set these policies.
 
-| Policy                                               | Registry path                                                                                         |
+| Registry Key                                         | Registry path                                                                                       |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Choose whether employees can configure Compatibility View. | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation<br/>REG_DWORD: MSCompatibilityMode <br />Value: 0|
-| Turn off the flip ahead with page prediction feature | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead<br/>REG_DWORD: Enabled <br />Value: 0|
-| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds<br/>REG_DWORD: BackgroundSyncStatus <br/>Value: 0|
-| Turn off Online Tips | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer<br/>REG_DWORD: AllowOnlineTips <br/>Value: 0|
+| Choose whether employees can configure Compatibility View. | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation<br/>REG_DWORD: DisableSiteListEditing <br /> **Set Value to 1**|
+| Turn off the flip ahead with page prediction feature | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead<br/>REG_DWORD: Enabled <br /> **Set Value to 0**|
+| Turn off background synchronization for feeds and Web Slices | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds<br/>REG_DWORD: BackgroundSyncStatus <br/> **Set Value to 0**|
+| Allow Online Tips | HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer<br/>REG_DWORD: AllowOnlineTips <br/> **Set Value to 0**|
+
+To turn off the home page, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
+
+  -or -
+
+- Create a new REG_SZ registry setting named **Start Page** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank**
+
+  -and -
+
+- Create a new REG_DWORD registry setting named **HomePage** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)**
 
 
+To configure the First Run Wizard, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**.
 
-To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
+  -or -
 
-To configure the First Run Wizard, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**.
+- Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)**
+
+
+To configure the behavior for a new tab, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**.
+
+  -or -
+
+- Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)**
 
-To configure the behavior for a new tab, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**.
 
 ### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking
 
@@ -552,11 +563,11 @@ ActiveX control blocking periodically downloads a new list of out-of-date Active
 
 You can turn this off by:
 
--  Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList**
+-  **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList**
 
   -or -
 
--  Changing the REG\_DWORD registry setting **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to 0 (zero).
+-  Changing the REG_DWORD registry setting **HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to **0 (zero)**.
 
 For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/library/dn761713.aspx).
 
@@ -564,7 +575,7 @@ For more info, see [Out-of-date ActiveX control blocking](https://technet.micros
 
 You can turn off License Manager related traffic by setting the following registry entry:
 
--   Add a REG\_DWORD value named **Start** to **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\LicenseManager** and set the value to 4
+-   Add a REG_DWORD value named **Start** to **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LicenseManager** and set the **value to 4**
 
 -   The value 4 is to disable the service. Here are the available options to set the registry:
 
@@ -582,11 +593,11 @@ You can turn off License Manager related traffic by setting the following regist
 
 To turn off Live Tiles:
 
-- Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn Off notifications network usage**
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn Off notifications network usage**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a **value of 1 (one)** 
 
 In Windows 10 Mobile, you must also unpin all tiles that are pinned to Start.
 
@@ -606,28 +617,26 @@ To turn off mail synchronization for Microsoft Accounts that are configured on a
 
 To turn off the Windows Mail app:
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Mail** &gt; **Turn off Windows Mail application**
-
-  -or-
-
-- Create a REG\_DWORD registry setting named **ManualLaunchAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Mail** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **ManualLaunchAllowed** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Mail** with a **value of 0 (zero)**.
 
 ### <a href="" id="bkmk-microsoft-account"></a>12. Microsoft Account
 
 To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Local Policies** &gt; **Security Options** &gt; **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Local Policies** &gt; **Security Options** &gt; **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
 
   -or-
 
-- Create a REG\_DWORD registry setting named **NoConnectedUser** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System** with a value of 3.
+- Create a REG_DWORD registry setting named **NoConnectedUser** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System** with a **value of 3**.
 
 
 To disable the Microsoft Account Sign-In Assistant:
 
 - Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
 
-- Change the Start REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**.
+  -or-
+
+- Change the **Start** REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**.
 
 
 ### <a href="" id="bkmk-edge"></a>13. Microsoft Edge
@@ -640,30 +649,33 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Allow configuration updates for the Books Library            | Choose whether configuration updates are done for the Books Library. <br /> Default: Enabled       |
-| Configure Autofill                                    | Choose whether employees can use autofill on websites. <br /> Default: Enabled                      |
-| Configure Do Not Track         | Choose whether employees can send Do Not Track headers.<br /> Default: Disabled                     |
-| Configure Password Manager                            | Choose whether employees can save passwords locally on their devices. <br /> Default: Enabled       |
-| Configure search suggestions in Address Bar              | Choose whether the Address Bar shows search suggestions. <br /> Default: Enabled                    |
-| Configure Windows Defender SmartScreen (Windows 10, version 1703)               | Choose whether Windows Defender SmartScreen is turned on or off.  <br /> Default: Enabled                            |
-| Allow web content on New Tab page                     | Choose whether a new tab page appears.  <br /> Default: Enabled                                     |
-| Configure Start pages                       | Choose the Start page for domain-joined devices. <br /> Set this to **\<about:blank\>**        |
-| Prevent the First Run webpage from opening on Microsoft Edge                       | Choose whether employees see the First Run webpage. <br /> Set to: Enable        |
+| Allow Address bar drop-down list suggestions            |  Choose whether to show the address bar drop-down list <br /> **Set to Disabled**       |
+| Allow configuration updates for the Books Library            | Choose whether configuration updates are done for the Books Library. <br /> **Set to Disabled**       |
+| Configure Autofill                                    | Choose whether employees can use autofill on websites. <br /> **Set to Disabled**                      |
+| Configure Do Not Track         | Choose whether employees can send Do Not Track headers.<br /> **Set to Enabled**                     |
+| Configure Password Manager                            | Choose whether employees can save passwords locally on their devices. <br /> **Set to Disabled**       |
+| Configure search suggestions in Address Bar              | Choose whether the Address Bar shows search suggestions. <br /> **Set to Disabled**                    |
+| Configure Windows Defender SmartScreen (Windows 10, version 1703)               | Choose whether Windows Defender SmartScreen is turned on or off.  <br /> **Set to Disabled**                            |
+| Allow web content on New Tab page                     | Choose whether a new tab page appears.  <br /> **Set to Disabled**                                     |
+| Configure Start pages                       | Choose the Start page for domain-joined devices. <br /> **Enabled** and **Set this to <<about:blank>>**         |
+| Prevent the First Run webpage from opening on Microsoft Edge                       | Choose whether employees see the First Run webpage. <br /> **Set to: Enable**        |
+| Allow Microsoft Compatibility List                       | Choose whether to use the Microsoft Compatibility List in Microsoft Edge. <br /> **Set to: Disabled**        |
 
-Alternatively, you can configure the Microsoft Group Policies using the following registry entries:
+Alternatively, you can configure the these Registry keys as described:
 
-| Policy | Registry path |
+| Registry Key | Registry path |
 | - | - |
-| Allow Address Bar drop-down list suggestions  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: ShowOneBox<br/>Value: 0|
-| Allow configuration updates for the Books Library  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary<br/>REG_DWORD name: AllowConfigurationUpdateForBooksLibrary<br/>Value: 1|
-| Configure Autofill  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: Use FormSuggest<br/>Value : **no** |
-| Configure Do Not Track   | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_DWORD name: DoNotTrack<br/> REG_DWORD: 1 |
-| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: FormSuggest Passwords<br /> REG_SZ: **no** |
-| Configure search suggestions in Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes<br/>REG_DWORD name: ShowSearchSuggestionsGlobal <br />Value: 0|
-| Configure Windows Defender SmartScreen Filter (Windows 10, version 1703) | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter<br/>REG_DWORD name: EnabledV9 <br/>Value: 0 |
-| Allow web content on New Tab page  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes<br/>REG_DWORD name: AllowWebContentOnNewTabPage <br/>Value: 0 |
-| Configure corporate Home pages | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: ProvisionedHomePages <br/>Value: 0|
-| Prevent the First Run webpage from opening on Microsoft Edge | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main <br>REG_DWORD name: PreventFirstRunPage <br/>Value: 1|
+| Allow Address Bar drop-down list suggestions  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: ShowOneBox<br/> Set to **0**|
+| Allow configuration updates for the Books Library  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary<br/>REG_DWORD name: AllowConfigurationUpdateForBooksLibrary<br/> Set to **0**|
+| Configure Autofill  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: Use FormSuggest<br/>Value : **No** |
+| Configure Do Not Track   | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_DWORD name: DoNotTrack<br/> REG_DWORD: **1** |
+| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: FormSuggest Passwords<br /> REG_SZ: **No** |
+| Configure search suggestions in Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes<br/>REG_DWORD name: ShowSearchSuggestionsGlobal <br />Value: **0**|
+| Configure Windows Defender SmartScreen Filter (Windows 10, version 1703) | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter<br/>REG_DWORD name: EnabledV9 <br/>Value: **0** |
+| Allow web content on New Tab page  | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: AllowWebContentOnNewTabPage <br/>Value: **0** |
+| Configure corporate Home pages | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings<br/>REG_SZ name: ProvisionedHomePages <br/>Value: **<<about:blank>>**|
+| Prevent the First Run webpage from opening on Microsoft Edge | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main <br>REG_DWORD name: PreventFirstRunPage <br/>Value: **1**|
+| Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation<br/>REG_DWORD: MSCompatibilityMode <br />Value: **0**|
 
 
 ### <a href="" id="bkmk-edge-mdm"></a>13.2 Microsoft Edge MDM policies
@@ -672,13 +684,13 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Browser/AllowAutoFill                                | Choose whether employees can use autofill on websites. <br /> Default: Allowed                      |
-| Browser/AllowDoNotTrack                              | Choose whether employees can send Do Not Track headers.<br /> Default: Not allowed                  |
-| Browser/AllowMicrosoftCompatbilityList               | Specify the Microsoft compatibility list in Microsoft Edge. <br /> Default: Enabled                 |
-| Browser/AllowPasswordManager                         | Choose whether employees can save passwords locally on their devices. <br /> Default: Allowed       |
-| Browser/AllowSearchSuggestionsinAddressBar           | Choose whether the Address Bar shows search suggestions.. <br /> Default: Allowed                   |
-| Browser/AllowSmartScreen                             | Choose whether SmartScreen is turned on or off.  <br /> Default: Allowed                            |
-| Browser/FirstRunURL                                  | Choose the home page for Microsoft Edge on Windows Mobile 10. <br /> Default: blank                 |
+| Browser/AllowAutoFill                                | Choose whether employees can use autofill on websites. <br /> **Set to: Not Allowed**                      |
+| Browser/AllowDoNotTrack                              | Choose whether employees can send Do Not Track headers.<br /> **Set to: Allowed**                  |
+| Browser/AllowMicrosoftCompatbilityList               | Specify the Microsoft compatibility list in Microsoft Edge. <br /> **Set to: Not Allowed**                 |
+| Browser/AllowPasswordManager                         | Choose whether employees can save passwords locally on their devices. <br /> **Set to: Not Allowed**       |
+| Browser/AllowSearchSuggestionsinAddressBar           | Choose whether the Address Bar shows search suggestions.. <br /> **Set to: Not Allowed**                   |
+| Browser/AllowSmartScreen                             | Choose whether SmartScreen is turned on or off.  <br /> **Set to: Not Allowed**                            |
+| Browser/FirstRunURL                                  | Choose the home page for Microsoft Edge on Windows Mobile 10. <br /> **Set to:** blank                 |
 
 
 For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies).
@@ -691,7 +703,7 @@ In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2
 
 You can turn off NCSI by doing one of the following:
 
-- Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Internet Communication Management** &gt; **Internet Communication Settings** &gt; **Turn off Windows Network Connectivity Status Indicator active tests**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Internet Communication Management** &gt; **Internet Communication Settings** &gt; **Turn off Windows Network Connectivity Status Indicator active tests**
 
 - In Windows 10, version 1703 and later, apply the Connectivity/DisallowNetworkConnectivityActiveTests MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) with a value of 1.
 
@@ -700,49 +712,49 @@ You can turn off NCSI by doing one of the following:
 
 -or-
 
-- Create a REG\_DWORD registry setting named **NoActiveProbe** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **NoActiveProbe** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator** with a value of 1 (one).
 
 ### <a href="" id="bkmk-offlinemaps"></a>15. Offline maps
 
 You can turn off the ability to download and update offline maps.
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Maps** &gt; **Turn off Automatic Download and Update of Map Data**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Maps** &gt; **Turn off Automatic Download and Update of Map Data**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **AutoDownloadAndUpdateMapData** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **AutoDownloadAndUpdateMapData** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a **value of 0 (zero)**.
 
   -or-
 
-- In Windows 10, version 1607 and later, apply the Maps/EnableOfflineMapsAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate) with a value of 0.
+- In Windows 10, version 1607 and later, apply the Maps/EnableOfflineMapsAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate) with a **value of 0**.
 
   -and-
 
-- In Windows 10, version 1607 and later, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page**
+- In Windows 10, version 1607 and later, **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **AllowUntriggeredNetworkTrafficOnSettingsPage** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **AllowUntriggeredNetworkTrafficOnSettingsPage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a value of 0 (zero).
 
 ### <a href="" id="bkmk-onedrive"></a>16. OneDrive
 
 To turn off OneDrive in your organization:
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent the usage of OneDrive for file storage**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent the usage of OneDrive for file storage**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **DisableFileSyncNGSC** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **DisableFileSyncNGSC** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive** with a value of 1 (one).
 
   -and-
 
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent OneDrive from generating network traffic until the user signs in to OneDrive (Enable)**
+-   **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent OneDrive from generating network traffic until the user signs in to OneDrive (Enable)**
 
     -or-
 
-- Create a REG\_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\OneDrive** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OneDrive** with a **value of 1 (one)** 
 
- -or-
+-or-
 
 -   Set the System/DisableOneDriveFileSync MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync) to True (value 1) to disable OneDrive File Sync. 
 
@@ -756,7 +768,9 @@ To remove the News app:
 - Right-click the app in Start, and then click **Uninstall**.
 
   -or-
-
+>[!IMPORTANT]
+> If you have any issues with these commands, do a system reboot and try the scripts again.
+>
 - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
 
   -and-
@@ -881,7 +895,7 @@ Use Settings &gt; Privacy to configure some settings that may be important to yo
 
 - [18.5 Notifications](#bkmk-priv-notifications)
 
-- [18.6 Speech, inking, & typing](#bkmk-priv-speech)
+- [18.6 Speech](#bkmk-priv-speech)
 
 - [18.7 Account info](#bkmk-priv-accounts)
 
@@ -895,19 +909,23 @@ Use Settings &gt; Privacy to configure some settings that may be important to yo
 
 - [18.12 Messaging](#bkmk-priv-messaging)
 
-- [18.13 Radios](#bkmk-priv-radios)
+- [18.13 Phone Calls](#bkmk-priv-phone-calls)
 
-- [18.14 Other devices](#bkmk-priv-other-devices)
+- [18.14 Radios](#bkmk-priv-radios)
 
-- [18.15 Feedback & diagnostics](#bkmk-priv-feedback)
+- [18.15 Other devices](#bkmk-priv-other-devices)
 
-- [18.16 Background apps](#bkmk-priv-background)
+- [18.16 Feedback & diagnostics](#bkmk-priv-feedback)
 
-- [18.17 Motion](#bkmk-priv-motion)
+- [18.17 Background apps](#bkmk-priv-background)
 
-- [18.18 Tasks](#bkmk-priv-tasks)
+- [18.18 Motion](#bkmk-priv-motion)
 
-- [18.19 App Diagnostics](#bkmk-priv-diag)
+- [18.19 Tasks](#bkmk-priv-tasks)
+
+- [18.20 App Diagnostics](#bkmk-priv-diag)
+
+- [18.21 Inking & Typing](#bkmk-priv-ink)
 
 ### <a href="" id="bkmk-general"></a>18.1 General
 
@@ -924,15 +942,15 @@ To turn off **Let apps use advertising ID to make ads more interesting to you ba
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
 
   -or-
 
-- Create a REG\_DWORD registry setting named **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **Enabled** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo** with a value of 0 (zero).
 
-  -or-
+  -and-
 
-- Create a REG\_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
 
 To turn off **Let websites provide locally relevant content by accessing my language list**:
 
@@ -940,7 +958,7 @@ To turn off **Let websites provide locally relevant content by accessing my lang
 
   -or-
 
-- Create a new REG\_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile** with a value of 1.
+- Create a new REG_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY_CURRENT_USER\\Control Panel\\International\\User Profile** with a value of 1.
 
 To turn off **Let Windows track app launches to improve Start and search results**:
 
@@ -948,7 +966,7 @@ To turn off **Let Windows track app launches to improve Start and search results
 
   -or-
 
-- Create a REG_DWORD registry setting named **Start_TrackProgs** in **HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced** with value of 0 (zero).
+- Create a REG_DWORD registry setting named **Start_TrackProgs** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced** with value of 0 (zero).
 
 #### Windows Server 2016 and Windows 10, version 1607 and earlier options
 
@@ -961,15 +979,15 @@ To turn off **Let apps use my advertising ID for experiences across apps (turnin
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **User Profiles** &gt; **Turn off the advertising ID**.
+
+ -or-
+
+- Create a REG_DWORD registry setting named **Enabled** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo** with a value of 0 (zero).
 
   -or-
 
-- Create a REG\_DWORD registry setting named **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo** with a value of 0 (zero).
-
-  -or-
-
-- Create a REG\_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
 
 To turn off **Turn on SmartScreen Filter to check web content (URLs) that Microsoft Store apps use**:
 
@@ -977,30 +995,22 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros
 
   -or-
 
-- Create a provisioning package, using:
-  - For Internet Explorer: **Runtime settings > Policies > Browser > AllowSmartScreen**
-  - For Microsoft Edge: **Runtime settings > Policies > MicrosoftEdge > AllowSmartScreen**
-
-  -or-
-
-- Create a REG_DWORD registry setting named **EnableWebContentEvaluation** in **HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **EnableWebContentEvaluation** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost** with a value of 0 (zero).
 
 To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
 
 > [!NOTE]
 > If the diagnostic data level is set to either **Basic** or **Security**, this is turned off automatically.
 
-
-
 - Turn off the feature in the UI.
 
   -or-
 
 - Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
 
-  - **0**. Not allowed
+    - **0**. Not allowed
 
-  - **1**. Allowed (default)
+    - **1**. Allowed (default)
 
 To turn off **Let websites provide locally relevant content by accessing my language list**:
 
@@ -1008,7 +1018,7 @@ To turn off **Let websites provide locally relevant content by accessing my lang
 
   -or-
 
-- Create a new REG\_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile** with a value of 1.
+- Create a new REG_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY_CURRENT_USER\\Control Panel\\International\\User Profile** with a value of 1.
 
 To turn off **Let apps on my other devices open apps and continue experiences on this devices**:
 
@@ -1020,7 +1030,7 @@ To turn off **Let apps on my other devices open apps and continue experiences on
 
   -or-
 
-- Create a REG\_DWORD registry setting named **EnableCdp** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **EnableCdp** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a value of 0 (zero).
 
 To turn off **Let apps on my other devices use Bluetooth to open apps and continue experiences on this device**:
 
@@ -1036,46 +1046,39 @@ To turn off **Location for this device**:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Location and Sensors** &gt; **Turn off location**.
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Location and Sensors** &gt; **Turn off location**.
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessLocation** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
   -or-
 
 - Apply the System/AllowLocation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
 
-  - **0**. Turned off and the employee can't turn it back on.
+    - **0**. Turned off and the employee can't turn it back on.
 
-  - **1**. Turned on, but lets the employee choose whether to use it. (default)
+    - **1**. Turned on, but lets the employee choose whether to use it. (default)
 
-  - **2**. Turned on and the employee can't turn it off.
+    - **2**. Turned on and the employee can't turn it off.
 
     > [!NOTE]
     > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx).
 
-  -or-
-
-- Create a provisioning package, using **Runtime settings** &gt; **Policies** &gt; **System** &gt; **AllowLocation**, where
-
-  - **No**. Turns off location service.
-
-  - **Yes**. Turns on location service. (default)
-
 To turn off **Location**:
 
 - Turn off the feature in the UI.
-
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access location**
+  
+  -or-
+  
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access location**
 
   - Set the **Select a setting** box to **Force Deny**.
 
   -or-
 
-- Create a REG\_DWORD registry setting named **DisableLocation** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **DisableLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one).
 
-  -or-
 
 To turn off **Location history**:
 
@@ -1101,26 +1104,19 @@ To turn off **Let apps use my camera**:
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessCamera** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessCamera** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
   -or-
 
 - Apply the Camera/AllowCamera MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
 
-  - **0**. Apps can't use the camera.
+    - **0**. Apps can't use the camera.
 
-  - **1**. Apps can use the camera.
+    - **1**. Apps can use the camera.
 
     > [!NOTE]
     > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx).
 
-  -or-
-
-- Create a provisioning package with use Windows ICD, using **Runtime settings** &gt; **Policies** &gt; **Camera** &gt; **AllowCamera**, where:
-
-  - **0**. Apps can't use the camera.
-
-  - **1**. Apps can use the camera.
 
 To turn off **Choose apps that can use your camera**:
 
@@ -1144,13 +1140,13 @@ To turn off **Let apps use my microphone**:
 
 -  Apply the Privacy/LetAppsAccessMicrophone MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmicrophone), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+    - **0**. User in control
+    - **1**. Force allow
+    - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
+- Create a REG_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
 
 To turn off **Choose apps that can use your microphone**:
 
@@ -1169,15 +1165,15 @@ To turn off notifications network usage:
 
   -or-
 
-- Create a REG\_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one)
+- Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one)
 
   -or-
 
 
 - Apply the Notifications/DisallowCloudNotification MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification), where:
 
-  - **0**. WNS notifications allowed
-  - **1**. No WNS notifications allowed
+    - **0**. WNS notifications allowed
+    - **1**. No WNS notifications allowed
 
 In the **Notifications** area, you can also choose which apps have access to notifications.
 
@@ -1195,55 +1191,33 @@ To turn off **Let apps access my notifications**:
 
 -  Apply the Privacy/LetAppsAccessNotifications MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessnotifications), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+     - **0**. User in control
+     - **1**. Force allow
+     - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
+- Create a REG_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
 
-### <a href="" id="bkmk-priv-speech"></a>18.6 Speech, inking, & typing
+### <a href="" id="bkmk-priv-speech"></a>18.6 Speech
 
-In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees.
+In the **Speech** area, you can configure the functionality as such: 
 
-> [!NOTE]
-> For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article.
+To turn off streaming audio to Microsoft Speech services,
 
-To turn off the functionality:
-
-- Click the **Stop getting to know me** button, and then click **Turn off**.
+- Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off** 
 
   -or-
 
-- Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Regional and Language Options** &gt; **Handwriting personalization** &gt; **Turn off automatic learning**
+- **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Control Panel > Regional and Language Options > Allow users to enable online speech recognition services** 
 
   -or-
 
-- Create a REG\_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one).
+- Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP to **0 - Not allowed**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **AcceptedPrivacyPolicy** in **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Personalization\\Settings** with a value of 0 (zero).
-
-   -and-
-
--  Create a REG\_DWORD registry setting named **HarvestContacts** in **HKEY\_CURRENT\_USER\\Software\\Microsoft\\InputPersonalization\\TrainedDataStore** with a value of 0 (zero).
-
-If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models:
-
-- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatically update of Speech Data**
-
-If you're running at least Windows 10, version 1607, you can turn off updates to the speech recognition and speech synthesis models:
-
-Apply the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Speech_AllowSpeechModelUpdate), where:
-
-- **0** (default). Not allowed.
-- **1**. Allowed.
-
-  -or-
-
-- Create a REG\_DWORD registry setting named **ModelDownloadAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Preferences** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)**
 
 ### <a href="" id="bkmk-priv-accounts"></a>18.7 Account info
 
@@ -1263,13 +1237,15 @@ To turn off **Let apps access my name, picture, and other account info**:
 
 -  Apply the Privacy/LetAppsAccessAccountInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessaccountinfo), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+     - **0**. User in control
+     - **1**. Force allow
+     - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+
+
 
 To turn off **Choose the apps that can access your account info**:
 
@@ -1293,13 +1269,13 @@ To turn off **Choose apps that can access contacts**:
 
 -  Apply the Privacy/LetAppsAccessContacts MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscontacts), where:
 
-   - **0**. User in control
-   - **1**. Force allow
-   - **2**. Force deny
+     - **0**. User in control
+     - **1**. Force allow
+     - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessContacts** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessContacts** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 ### <a href="" id="bkmk-priv-calendar"></a>18.9 Calendar
 
@@ -1319,13 +1295,13 @@ To turn off **Let apps access my calendar**:
 
 -  Apply the Privacy/LetAppsAccessCalendar MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscalendar), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+    - **0**. User in control
+    - **1**. Force allow
+    - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessCalendar** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessCalendar** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 To turn off **Choose apps that can access calendar**:
 
@@ -1349,13 +1325,13 @@ To turn off **Let apps access my call history**:
 
   -  Apply the Privacy/LetAppsAccessCallHistory MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscallhistory), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+    - **0**. User in control
+    - **1**. Force allow
+    - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 ### <a href="" id="bkmk-priv-email"></a>18.11 Email
 
@@ -1381,7 +1357,7 @@ To turn off **Let apps access and send email**:
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessEmail** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 ### <a href="" id="bkmk-priv-messaging"></a>18.12 Messaging
 
@@ -1401,13 +1377,13 @@ To turn off **Let apps read or send messages (text or MMS)**:
 
 -  Apply the Privacy/LetAppsAccessMessaging MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmessaging), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+      - **0**. User in control
+      - **1**. Force allow
+      - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessMessaging** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessMessaging** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 To turn off **Choose apps that can read or send messages**:
 
@@ -1415,13 +1391,13 @@ To turn off **Choose apps that can read or send messages**:
 
 **To turn off Message Sync** 
 
--   Create a REG\_DWORD registry setting named **AllowMessageSync** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\Messaging and set the value to 0.
+-   Create a REG_DWORD registry setting named **AllowMessageSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Messaging** and set the **value to 0 (zero)**.
    
     -or-
 
 -   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Messaging**
 
-    -   Set the **Allow Message Service Cloud** to **Disable**.
+    -   Set the **Allow Message Service Cloud Sync** to **Disable**.
 
 ### <a href="" id="bkmk-priv-phone-calls"></a>18.13 Phone calls
 
@@ -1441,13 +1417,13 @@ To turn off **Let apps make phone calls**:
 
 -  Apply the Privacy/LetAppsAccessPhone MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+      - **0**. User in control
+      - **1**. Force allow
+      - **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessPhone** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessPhone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 
 To turn off **Choose apps that can make phone calls**:
@@ -1478,7 +1454,7 @@ To turn off **Let apps control radios**:
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsAccessRadios** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessRadios** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 
 To turn off **Choose apps that can control radios**:
@@ -1491,23 +1467,19 @@ In the **Other Devices** area, you can choose whether devices that aren't paired
 
 To turn off **Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone**:
 
-- Turn off the feature in the UI.
+- Turn off the feature in the UI by going to Settings > Privacy > Other devices >  "Communicate with unpaired devices.    Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone" and **Turn it OFF**. 
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps sync with devices**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps communicate with unpaired devices** and set the **Select a setting** box to **Force Deny**.
 
   -or-
 
-- Apply the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices), where:
-
-    - **0**. User in control
-    - **1**. Force allow
-    - **2**. Force deny
+- Set the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices) to **2**. Force deny
 
   -or-
 
-- Create a REG\_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
 To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
 
@@ -1515,9 +1487,11 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access trusted devices**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access trusted devices** and set the **Select a setting** box to **Force Deny**.
 
-- Set the **Select a setting** box to **Force Deny**.
+  -or-
+
+- Create a REG_DWORD registry setting named **LetAppsAccessTrustedDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
   -or-
 
@@ -1538,24 +1512,23 @@ To change how frequently **Windows should ask for my feedback**:
 > Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device.
 
 
-
 - To change from **Automatically (Recommended)**, use the drop-down list in the UI.
 
   -or-
 
-- Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Do not show feedback notifications**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds** &gt; **Do not show feedback notifications**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one).
 
   -or-
 
-- Create the registry keys (REG\_DWORD type):
+- Create the registry keys (REG_DWORD type):
 
-  - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\PeriodInNanoSeconds
+  - HKEY_CURRENT_USER\\Software\\Microsoft\\Siuf\\Rules\\PeriodInNanoSeconds
 
-  - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\NumberOfSIUFInPeriod
+  - HKEY_CURRENT_USER\\Software\\Microsoft\\Siuf\\Rules\\NumberOfSIUFInPeriod
 
     Based on these settings:
 
@@ -1574,11 +1547,11 @@ To change the level of diagnostic and usage data sent when you **Send your devic
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry** and select the appropriate option for your deployment.
+- **Enable** the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry** and **set it to a value of 0**.
 
   -or-
 
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry** with a value of 0-3, as appropriate for your deployment (see below for the values for each level).
+- Create a REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry** with a **value of 0**.
 
 > [!NOTE]
 > If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition.
@@ -1587,25 +1560,14 @@ To change the level of diagnostic and usage data sent when you **Send your devic
 
 - Apply the System/AllowTelemetry MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
 
-  - **0**. Maps to the **Security** level.
+    - **0**. Maps to the **Security** level.
 
-  - **1**. Maps to the **Basic** level.
+    - **1**. Maps to the **Basic** level.
 
-  - **2**. Maps to the **Enhanced** level.
+    - **2**. Maps to the **Enhanced** level.
 
-  - **3**. Maps to the **Full** level.
-
-  -or-
-
-- Create a provisioning package, using **Runtime settings** &gt; **Policies** &gt; **System** &gt; **AllowTelemetry**, where:
-
-  - **0**. Maps to the **Security** level.
-
-  - **1**. Maps to the **Basic** level.
-
-  - **2**. Maps to the **Enhanced** level.
-
-  - **3**. Maps to the **Full** level.
+    - **3**. Maps to the **Full** level.
+    
 
 To turn off tailored experiences with relevant tips and recommendations by using your diagnostics data:
 
@@ -1613,7 +1575,20 @@ To turn off tailored experiences with relevant tips and recommendations by using
 
   -or-
 
-- Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences**
+
+  -or-
+
+- Create a REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of **1**
+
+  -and-
+
+- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
+
+  -or-
+
+- Create a REG_DWORD registry setting named **DisableTailoredExperiencesWithDiagnosticData** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of **1**
+
 
 ### <a href="" id="bkmk-priv-background"></a>18.17 Background apps
 
@@ -1621,25 +1596,23 @@ In the **Background Apps** area, you can choose which apps can run in the backgr
 
 To turn off **Let apps run in the background**:
 
-- In **Background apps**, set **Let apps run in the background** to **Off**.
+- In the **Background apps** settings page, set **Let apps run in the background** to **Off**.
 
   -or-
 
-- In **Background apps**, turn off the feature for each app.
+- In the **Background apps** settings page, turn off the feature for each app.
+
+ -or-
+
+- **Enable** the Group Policy (only applicable for Windows 10 version 1703 and above): **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps run in the background** and set the **Select a setting** box to **Force Deny**.
 
   -or-
 
-- Apply the Group Policy (only applicable for Windows 10, version 1703): **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps run in the background**
-
-  - Set the **Select a setting** box to **Force Deny**.
+- Create a REG_DWORD registry setting named **LetAppsRunInBackground** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**
 
   -or-
 
--  Apply the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground), where:
-
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+-  Set the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground) to **2 Force Deny**.
 
 > [!NOTE]
 > Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**.
@@ -1654,19 +1627,20 @@ To turn off **Let Windows and your apps use your motion data and collect motion
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access motion**
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access motion** and set the **Default for all apps** to **Force Deny**
+
+  -or-
+
+- Create a REG_DWORD registry setting named **LetAppsAccessMotion** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
   -or-
 
 -  Apply the Privacy/LetAppsAccessMotion MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmotion), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+    - **0**. User in control
+    - **1**. Force allow
+    - **2**. Force deny
 
-  -or-
-
-- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
 
 ### <a href="" id="bkmk-priv-tasks"></a>18.19 Tasks
 
@@ -1678,17 +1652,19 @@ To turn this off:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access Tasks**
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access Tasks**.  Set the **Select a setting** box to **Force Deny**.
 
-  - Set the **Select a setting** box to **Force Deny**.
+  -or-
+
+- Create a REG_DWORD registry setting named **LetAppsAccessTasks** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
   -or-
 
 -  Apply the Privacy/LetAppsAccessTasks MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesstasks), where:
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+    - **0**. User in control
+    - **1**. Force allow
+    - **2**. Force deny
 
 ### <a href="" id="bkmk-priv-diag"></a>18.20 App Diagnostics
 
@@ -1700,59 +1676,117 @@ To turn this off:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access dignostic information about other apps**
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access dignostic information about other apps**
 
   -or-
 
--  Apply the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo), where:
+- Create a REG_DWORD registry setting named **LetAppsGetDiagnosticInfo** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
-  - **0**. User in control
-  - **1**. Force allow
-  - **2**. Force deny
+  -or-
 
+-  Set the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo) to **2**. Force deny
+
+
+### <a href="" id="bkmk-priv-ink"></a>18.21 Inking & Typing
+
+In the **Inking & Typing** area you can configure the functionality as such: 
+
+To turn off Inking & Typing data collection (note: there is no Group Policy for this setting):
+
+ - In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off** 
+
+  -or-
+
+ - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
+
+  -or-
+
+ - Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP. 
+  [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) to **0** (not allowed). This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. 
+
+
+If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models:
+
+  **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
+
+  -or-
+
+ - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** 
+
+  -or-
+
+ - Set the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Speech_AllowSpeechModelUpdate) to **0**
+
+
+> [!NOTE]
+> Releases 1803 and earlier support **Speech, Inking, & Typing** as a combined settings area.  For customizing those setting please follow the below instructions.  For 1809 and above **Speech** and **Inking & Typing** are separate settings pages, please see the specific section (18.6 Speech or 18.21 Inking and Typing) above for those areas.
+
+In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees.
+
+  For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article.
+
+  To turn off the functionality:
+
+  - Click the **Stop getting to know me** button, and then click **Turn off**.
+
+      -or-
+
+  - Enable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Regional and Language Options** &gt; **Handwriting personalization** &gt; **Turn off automatic learning**
+
+      -or-
+
+  - Create a REG_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one).
+
+      -or-
+
+  - Create a REG_DWORD registry setting named **AcceptedPrivacyPolicy** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Personalization\\Settings** with a value of 0 (zero).
+
+      -and-
+
+  -  Create a REG_DWORD registry setting named **HarvestContacts** in **HKEY_CURRENT_USER\\Software\\Microsoft\\InputPersonalization\\TrainedDataStore** with a value of **0 (zero)**.
 
 ### <a href="" id="bkmk-spp"></a>19. Software Protection Platform
 
-Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
+  Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
 
-For Windows 10:
+  **For Windows 10:**
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
+  - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
 
   -or-
 
-- Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is disabled (default) and 1 is enabled.
+  - Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 1 (Enabled)**.
 
   -or-
 
-- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
+  - Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
 
-For Windows Server 2019 or later:
+**For Windows Server 2019 or later:**
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
+  - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Software Protection Platform** &gt; **Turn off KMS Client Online AVS Validation**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
+  - Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
 
-For Windows Server 2016:
-- Create a REG\_DWORD registry setting named **NoAcquireGT** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
+**For Windows Server 2016:**
 
->[!NOTE]
->Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
+  - Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
 
-The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
+  >[!NOTE]
+  >Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
+  >The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
 
 ### <a href="" id="bkmk-storage-health"></a>20. Storage health
 
 Enterprise customers can manage updates to the Disk Failure Prediction Model.
 
 For Windows 10:
-- Disable this Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Storage Health** &gt; **Allow downloading updates to the Disk Failure Prediction Model**
+- **Disable** this Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Storage Health** &gt; **Allow downloading updates to the Disk Failure Prediction Model**
 
   -or-
 
-- Create a REG\_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a value of 0.
+- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a value of 0.
 
 ### <a href="" id="bkmk-syncsettings"></a>21. Sync your settings
 
@@ -1762,28 +1796,24 @@ You can control if your settings are synchronized:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Sync your settings** &gt; **Do not sync**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Sync your settings** &gt; **Do not sync**. Leave the "Allow users to turn syncing on" checkbox **unchecked**. 
 
   -or-
 
-- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **DisableSettingSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one).
 
   -or-
 
-- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed.
+- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 0 (not allowed)**.
 
-  -or-
-
-- Create a provisioning package, using **Runtime settings** &gt; **Policies** &gt; **Experience** &gt; **AllowSyncMySettings**, where
-
-  - **No**. Settings are not synchronized.
-
-  - **Yes**. Settings are synchronized. (default)
 
 To turn off Messaging cloud sync:
 
--   Set the Group Policy Allow Message Service Cloud to Disable.  The Group Policy path is Computer Configuration\Administrative templates\Windows Components\Messaging\Allow Message Service Cloud
--   Create a REG\_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging** with a value of 0 (zero).
+-   Note: There is no Group Policy corresponding to this registry key.
+
+  -or-
+
+-   Create a REG_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Messaging** and set to a **value of 0 (zero)**.
 
 ### <a href="" id="bkmk-teredo"></a>22. Teredo
 
@@ -1792,15 +1822,12 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
 >[!NOTE]
 >If you disable Teredo, some XBOX gaming features and Windows Update Delivery Optimization will not work.
 
-- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** &gt; **TCPIP Settings** &gt; **IPv6 Transition Technologies** &gt; **Set Teredo State** and set it to **Disabled State**.
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** &gt; **TCPIP Settings** &gt; **IPv6 Transition Technologies** &gt; **Set Teredo State** and set it to **Disabled State**.
 
   -or-
 
-- Create a new REG\_SZ registry setting named **Teredo_State** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition** with a value of **Disabled**.
+- Create a new REG_SZ registry setting named **Teredo_State** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition** with a value of **Disabled**.
 
-  -or-
-
-- From an elevated command prompt, run **netsh interface teredo set state disabled**
 
 ### <a href="" id="bkmk-wifisense"></a>23. Wi-Fi Sense
 
@@ -1811,23 +1838,16 @@ Wi-Fi Sense automatically connects devices to known hotspots and to the wireless
 
 To turn off **Connect to suggested open hotspots** and **Connect to networks shared by my contacts**:
 
-- Turn off the feature in the UI.
+- Turn off the feature in the UI in Settings  > Network & Internet  > Wi-Fi 
 
   -or-
 
-- Disable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Network** &gt; **WLAN Service** &gt; **WLAN Settings** &gt; **Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services**.
+- **Disable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Network** &gt; **WLAN Service** &gt; **WLAN Settings** &gt; **Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services**.
 
   -or-
 
-- Create a new REG\_DWORD registry setting named **AutoConnectAllowedOEM** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config** with a value of 0 (zero).
+- Create a new REG_DWORD registry setting named **AutoConnectAllowedOEM** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config** with a **value of 0 (zero)**.
 
-  -or-
-
-- Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620909).
-
-  -or-
-
-- Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620910).
 
 When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
 
@@ -1835,67 +1855,72 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr
 
 You can disconnect from the Microsoft Antimalware Protection Service.
 
-- Disable the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **MAPS** &gt; **Join Microsoft MAPS**
+- **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **MAPS** &gt; **Join Microsoft MAPS** and then select **Disabled** from the drop down box named **Join Microsoft MAPS**
 
-  -or-
+-OR-
 
-- Delete the registry setting **named** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates**.
+- Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to **0 (zero)**.
 
-  -or-
+-OR-
 
 - For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
 
-  -or-
-
-- Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to 0 (zero).
-
-  -and-
-
-    From an elevated Windows PowerShell prompt, run **set-mppreference -Mapsreporting 0**
 
 You can stop sending file samples back to Microsoft.
 
-- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **MAPS** &gt; **Send file samples when further analysis is required** to **Always Prompt** or **Never Send**.
+- **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **MAPS** &gt; **Send file samples when further analysis is required** to **Never Send**.
 
   -or-
 
-- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender), where:
-
-  - **0**. Always prompt.
-
-  - **1**. (default) Send safe samples automatically.
-
-  - **2**. Never send.
-
-  - **3**. Send all samples automatically.
+- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) to **2 (two) for Never Send**.
 
   -or-
 
-- Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to 0 (zero) to always prompt or 2 to never send.
+- Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to **2 (two) for Never Send**.
 
-You can stop downloading definition updates:
 
-- Enable the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **Signature Updates** &gt; **Define the order of sources for downloading definition updates** and set it to **FileShares**.
+You can stop downloading **Definition Updates**:
+
+- **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **Signature Updates** &gt; **Define the order of sources for downloading definition updates** and set it to **FileShares**.
 
   -and-
 
-- Disable the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **Signature Updates** &gt; **Define file shares for downloading definition updates** and set it to nothing.
+- **Disable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **Signature Updates** &gt; **Define file shares for downloading definition updates** and set it to **Nothing**.
 
   -or-
 
-- Create a new REG\_SZ registry setting named **FallbackOrder** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates** with a value of **FileShares**.
+- Create a new REG_SZ registry setting named **FallbackOrder** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Signature Updates** with a value of **FileShares**.
 
-For Windows 10 only, you can stop Enhanced Notifications:
+  -and-
 
-- Turn off the feature in the UI.
+- **Remove** the **DefinitionUpdateFileSharesSources** reg value if it exists under **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Signature Updates** 
+
+
+You can turn off **Malicious Software Reporting Tool diagnostic data**:
+
+- Set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to **1**.
+
+**Note:** There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data. 
+
+
+You can turn off **Enhanced Notifications** as follows:
+
+- Set in the UI: Settings -> Update & Security -> Windows Security -> Virus & Threat Protection ->  Virus & Threat Protection Manage Settings -> scroll to bottom for Notifications, click Change Notifications Settings -> Notifications -> click Manage Notifications ->  Turn off General Notifications
+
+  -or-
+
+- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Defender Antivirus** &gt; **Reporting**.  
+
+  -or-
+
+- Create a new REG_SZ registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**.
 
-You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
 
 ### <a href="" id="bkmk-defender-smartscreen"></a>24.1 Windows Defender SmartScreen
 
 To disable Windows Defender Smartscreen:
 
-- In Group Policy, configure - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** : **Disable**
+- In Group Policy, configure - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled**
 
    -and-
 
@@ -1903,137 +1928,148 @@ To disable Windows Defender Smartscreen:
 
    -and-
 
-- **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure app install control** : **Enable**
+- **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure app install control** : **Enable**, and select **Turn off app recommendations**
 
-  -or-
+-OR-
 
-- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\Sofware\Policies\Microsoft\Windows\System** with a value of 0 (zero).
+- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\\Sofware\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
 
    -and-
 
-- Create a REG_DWORD registry setting named **ConfigureAppInstallControlEnabled** in **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen** with a value of 1.
- 
+- Create a REG_DWORD registry setting named **ConfigureAppInstallControlEnabled** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a **value of 1**.
+
    -and-
 
-- Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen** with a value of **Anywhere**.
+- Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**.
 
-  -or-
+-OR-
 
-- Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
+- Set the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to **0 (turned Off)**.
 
-### <a href="" id="bkmk-wmp"></a>25. Windows Media Player
 
-To remove Windows Media Player on Windows 10:
-
-- From the **Programs and Features** control panel, click **Turn Windows features on or off**, under **Media Features**, clear the **Windows Media Player** check box, and then click **OK**.
-
-  -or-
-
-- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
-
-To remove Windows Media Player on Windows Server 2016:
-
-- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
-
-### <a href="" id="bkmk-spotlight"></a>26. Windows Spotlight
+### <a href="" id="bkmk-spotlight"></a>25. Windows Spotlight
 
 Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy.
 
-If you're running Windows 10, version 1607 or later, you only need to enable the following Group Policy:
+If you're running Windows 10, version 1607 or later, you need to: 
 
-- **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features**
+- **Enable** the following Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features**
 
     > [!NOTE]
     > This must be done within 15 minutes after Windows 10 is installed. Alternatively, you can create an image with this setting.
 
-  -or-
+   -or-
 
 - For Windows 10 only, apply the Experience/AllowWindowsSpotlight MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience), with a value of 0 (zero).
 
-  -or-
+   -or-
 
-- Create a new REG\_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
+- Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
 
 
--and-
+-AND-
 
 
-- **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the Lock Screen**
+- Enable the following Group Policy **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the Lock Screen**
 
- -or-
+   -or-
 
--   Create a new REG\_DWORD registry setting named **NoLockScreen** in **HKEY\Local\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of 1 (one).
+- Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_Local_Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)**
 
-If you're not running Windows 10, version 1607 or later, you can use the other options in this section.
 
-- Configure the following in **Settings**:
+-AND-
 
-  - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**.
 
-  - **Personalization** &gt; **Start** &gt; **Occasionally show suggestions in Start**.
+- Configure the following in **Settings** UI:
 
-  - **System** &gt; **Notifications & actions** &gt; **Show me tips about Windows**.
+  - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**
 
-  -or-
+  - **Personalization** &gt; **Start** &gt; **Occasionally show suggestions in Start**
+
+  - **System** &gt; **Notifications & actions** &gt; **Show me tips about Windows**
+
+   -or-
 
 - Apply the Group Policies:
 
-  - **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Force a specific default lock screen image**.
-     - Add a location in the **Path to local lock screen image** box.
+  - **Enable** the **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Force a specific default lock screen image and logon image** Group Policy. 
+     - Add **C:\\windows\\web\\screen\\lockscreen.jpg** as the location in the **Path to local lock screen image** box.
 
-     - Set the **Turn off fun facts, tips, tricks, and more on lock screen** check box.
+     - Check the **Turn off fun facts, tips, tricks, and more on lock screen** check box.
 
        > [!NOTE]
-       > This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Do not display the lock screen**. Alternatively, you can create a new REG\_SZ registry setting named **LockScreenImage** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG\_DWORD registry setting named **LockScreenOverlaysDisabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of 1 (one).
+       > This will only take effect if the policy is applied before the first logon. 
+       > If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, 
+       > you can **Enable** the **Do not display the lock screen** policy under **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** 
+
+       > Alternatively, you can create a new REG_SZ registry setting named **LockScreenImage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** 
+       > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in 
+       > **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**.
+
+       > The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. 
 
 
-  - **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Do not show Windows tips**.
+-AND-
 
-  -or-
 
-  - Create a new REG\_DWORD registry setting named **DisableSoftLanding** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
+  - Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Do not show Windows tips** to **Enabled** 
 
-  - **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Turn off Microsoft consumer experiences**.
+    -or-
 
-  -or-
+  - Create a new REG_DWORD registry setting named **DisableSoftLanding** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
 
-  - Create a new REG\_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
 
-  -   This policy setting controls whether the lock screen appears for users.  The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen.
+-AND-
 
-  -       If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.
 
-  -       If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.
+  - Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Turn off Microsoft consumer experiences** to **Enabled**
+
+    -or-
+
+  - Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
+   
+ 
+This policy setting controls whether the lock screen appears for users.  The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen.
+
+If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.
+
+If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.
 
 
 For more info, see [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight).
 
-### <a href="" id="bkmk-windowsstore"></a>27. Microsoft Store
+### <a href="" id="bkmk-windowsstore"></a>26. Microsoft Store
 
 You can turn off the ability to launch apps from the Microsoft Store that were preinstalled or downloaded.
 This will also turn off automatic app updates, and the Microsoft Store will be disabled.
 In addition, new email accounts cannot be created by clicking **Settings** > **Accounts** > **Email & app accounts** > **Add an account**.
 On Windows Server 2016, this will block Microsoft Store calls from Universal Windows Apps.
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Store** &gt; **Disable all apps from Microsoft Store**.
+- **Disable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Store** &gt; **Disable all apps from Microsoft Store**.
 
   -or-
 
-  - Create a new REG\_DWORD registry setting named **DisableStoreApps** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 1 (one).
+- Create a new REG_DWORD registry setting named **DisableStoreApps** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 1 (one).
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Store** &gt; **Turn off Automatic Download and Install of updates**.
+-AND-
+
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Store** &gt; **Turn off Automatic Download and Install of updates**.
 
   -or-
 
-  - Create a new REG\_DWORD registry setting named **AutoDownload** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 2 (two).
+- Create a new REG_DWORD registry setting named **AutoDownload** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 2 (two).
 
-### <a href="" id="bkmk-apps-for-websites"></a>27.1 Apps for websites
+### <a href="" id="bkmk-apps-for-websites"></a>26.1 Apps for websites
 
 You can turn off apps for websites, preventing customers who visit websites that are registered with their associated app from directly launching the app.
 
-Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
 
-### <a href="" id="bkmk-updates"></a>28. Windows Update Delivery Optimization
+  -or-
+
+- Create a new REG_DWORD registry setting named **EnableAppUriHandlers** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
+
+### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization
 
 Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
 
@@ -2041,33 +2077,39 @@ By default, PCs running Windows 10 Enterprise and Windows 10 Education will only
 
 Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization.
 
-In Windows 10, version 1607, you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Simple** (99) or **Bypass** (100), as described below.
+In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to  **Bypass** (100), as described below.
 
-### <a href="" id="bkmk-wudo-ui"></a>28.1 Settings &gt; Update & security
+### <a href="" id="bkmk-wudo-ui"></a>27.1 Settings &gt; Update & security
 
 You can set up Delivery Optimization from the **Settings** UI.
 
 - Go to **Settings** &gt; **Update & security** &gt; **Windows Update** &gt; **Advanced options** &gt; **Choose how updates are delivered**.
 
-### <a href="" id="bkmk-wudo-gp"></a>28.2 Delivery Optimization Group Policies
+### <a href="" id="bkmk-wudo-gp"></a>27.2 Delivery Optimization Group Policies
 
 You can find the Delivery Optimization Group Policy objects under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Delivery Optimization**.
 
 | Policy                    | Description                                                                                         |
 |---------------------------|-----------------------------------------------------------------------------------------------------|
-| Download Mode             | Lets you choose where Delivery Optimization gets or sends updates and apps, including <ul><li><p><strong>None</strong>. Turns off Delivery Optimization.</p></li><li><p><strong>Group</strong>. Gets or sends updates and apps to PCs on the same local network domain.</p></li><li><p><strong>Internet</strong>. Gets or sends updates and apps to PCs on the Internet.</p></li><li><p><strong>LAN</strong>. Gets or sends updates and apps to PCs on the same NAT only.</p></li><li><p><strong>Simple</strong>. Simple download mode with no peering.</p></li><li><p><strong>Bypass</strong>. Use BITS instead of Windows Update Delivery Optimization.Set to Bypass to restrict traffic.</p></li></ul>|
+| Download Mode             | Lets you choose where Delivery Optimization gets or sends updates and apps, including <ul><li><p><strong>None</strong>. Turns off Delivery Optimization.</p></li><li><p><strong>Group</strong>. Gets or sends updates and apps to PCs on the same local network domain.</p></li><li><p><strong>Internet</strong>. Gets or sends updates and apps to PCs on the Internet.</p></li><li><p><strong>LAN</strong>. Gets or sends updates and apps to PCs on the same NAT only.</p></li><li><p><strong>Simple</strong>. Simple download mode with no peering.</p></li><li><p><strong>Bypass</strong>. Use BITS instead of Windows Update Delivery Optimization. **Set to Bypass** to restrict traffic.</p></li></ul>|
 | Group ID                  | Lets you provide a Group ID that limits which PCs can share apps and updates. <br /> **Note:** This ID must be a GUID.|
 | Max Cache Age             | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache. <br /> The default value is 259200 seconds (3 days).|
 | Max Cache Size            | Lets you specify the maximum cache size as a percentage of disk size. <br /> The default value is 20, which represents 20% of the disk.|
 | Max Upload Bandwidth      | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
 
-Set the Delivery Optimization Group Policy to "Bypass" to prevent traffic.  Alternatively, you can set the **Download Mode** policy by creating a new REG\_DWORD registry setting named **DODownloadMode** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of 100 (one hundred).
+### <a href="" id="bkmk-wudo-mdm"></a>27.3 Delivery Optimization
 
-### <a href="" id="bkmk-wudo-mdm"></a>28.3 Delivery Optimization MDM policies
+- **Enable** the **Download Mode** Group Policy under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Delivery Optimization** and set the **Download Mode** to **"Bypass"** to prevent traffic.
+
+-or-
+
+- Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **100 (one hundred)**. 
+
+### <a href="" id="bkmk-wudo-mdm"></a>27.4 Delivery Optimization MDM policies
 
 The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
 
-| Policy                    | Description                                                                                         |
+| MDM Policy                | Description                                                                                         |
 |---------------------------|-----------------------------------------------------------------------------------------------------|
 | DeliveryOptimization/DODownloadMode            | Lets you choose where Delivery Optimization gets or sends updates and apps, including <ul><li><p><strong>0</strong>. Turns off Delivery Optimization.</p></li><li><p><strong>1</strong>. Gets or sends updates and apps to PCs on the same NAT only.</p></li><li><p><strong>2</strong>. Gets or sends updates and apps to PCs on the same local network domain.</p></li><li><p><strong>3</strong>. Gets or sends updates and apps to PCs on the Internet.</p></li><li><p><strong>99</strong>. Simple download mode with no peering.</p></li><li><p><strong>100</strong>. Use BITS instead of Windows Update Delivery Optimization.</p></li></ul>|
 | DeliveryOptimization/DOGroupID                 | Lets you provide a Group ID that limits which PCs can share apps and updates. <br /> **Note** This ID must be a GUID.|
@@ -2076,52 +2118,54 @@ The following Delivery Optimization MDM policies are available in the [Policy CS
 | DeliveryOptimization/DOMaxUploadBandwidth      | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
 
 
-### <a href="" id="bkmk-wudo-prov"></a>28.4 Delivery Optimization Windows Provisioning
-
-If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies
-
-Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization.
-
-1.  Open Windows ICD, and then click **New provisioning package**.
-
-2.  In the **Name** box, type a name for the provisioning package, and then click **Next.**
-
-3.  Click the **Common to all Windows editions** option, click **Next**, and then click **Finish**.
-
-4.  Go to **Runtime settings** &gt; **Policies** &gt; **DeliveryOptimization** to configure the policies.
-
 For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
 
-### <a href="" id="bkmk-wu"></a>29. Windows Update
+### <a href="" id="bkmk-wu"></a>28. Windows Update
 
 You can turn off Windows Update by setting the following registry entries:
 
-- Add a REG\_DWORD value named **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
+- Add a REG_DWORD value named **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
 
   -and-
 
-- Add a REG\_DWORD value named **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
+- Add a REG_DWORD value named **DisableWindowsUpdateAccess** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
 
   -and-
 
-- Add a REG\_DWORD value named **UseWUServer** to **HKEY\_LOCAL\_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU** and set the value to 1.
-
-  -or-
-
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Do not connect to any Windows Update Internet locations**.
+- Add a REG_SZ value named **WUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**. 
 
   -and-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Internet Communication Management** &gt; **Internet Communication Settings** &gt; **Turn off access to all Windows Update features**.
+- Add a REG_SZ value named **WUStatusServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**. 
 
   -and-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Specify intranet Microsoft update service location** and set the **Set the alternate download server** to " ".
+- Add a REG_SZ value named **UpdateServiceUrlAlternate** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**. 
+
+  -and-
+
+- Add a REG_DWORD value named **UseWUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate\\AU** and set the value to 1.
+
+-OR-
+
+- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Do not connect to any Windows Update Internet locations** to **Enabled** 
+
+  -and-
+
+- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **Internet Communication Management** &gt; **Internet Communication Settings** &gt; **Turn off access to all Windows Update features** to **Enabled**
+
+  -and-
+
+- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Specify intranet Microsoft update service location** to **Enabled** and ensure all Option settings (Intranet Update Service, Intranet Statistics Server, Alternate Download Server) are set to **" "** 
+
+  -and-
+
+- Set the Group Policy **User Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Remove access to use all Windows Update features** to **Enabled** and then set **Computer Configurations** to **0 (zero)**.  
 
 
 You can turn off automatic updates by doing one of the following. This is not recommended.
 
-- Add a REG\_DWORD value named **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5.
+- Add a REG_DWORD value named **AutoDownload** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5.
 
   -or-
 
@@ -2139,5 +2183,12 @@ You can turn off automatic updates by doing one of the following. This is not re
 
   - **5**. Turn off automatic updates.
 
+For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic:
+
+- Add a REG_DWORD value named **HapDownloadEnabled** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LexiconUpdate\\loc_0804** and set the value to 0.
+
+
+
+
 To learn more, see [Device update management](https://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](https://technet.microsoft.com/library/cc720539.aspx).
 
diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
index b6be3b5acd..1df90d39e0 100644
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
@@ -98,7 +98,7 @@ We used the following methodology to derive these network endpoints:
 | *.e-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
 | *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
 | *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
-| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. |
+| \*.tlu.dl.delivery.mp.microsoft.com/\* | HTTP | Enables connections to Windows Update. |
 | *geo-prod.dodsp.mp.microsoft.com.nsatc.net	| HTTPS |	Enables connections to Windows Update. |
 | arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. |
diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml
index 72407b6ba9..1f3fe84925 100644
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ b/windows/release-information/resolved-issues-windows-10-1607.yml
@@ -32,6 +32,8 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='360msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>May 14, 2019 <br>01:18 PM PT</td></tr>
       <tr><td><div id='191msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#191msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='235msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. <br><br><a href = '#235msgdesc'>See details ></a></td><td>OS Build 14393.2879<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489889' target='_blank'>KB4489889</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='241msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -60,6 +62,24 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
+- title: April 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493473\" target=\"_blank\">KB4493473</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4494440\" target=\"_blank\">KB4494440</a>.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
+      </table>
+      "
+
 - title: March 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml
index a32bfe383c..39479053c8 100644
--- a/windows/release-information/resolved-issues-windows-10-1703.yml
+++ b/windows/release-information/resolved-issues-windows-10-1703.yml
@@ -32,6 +32,7 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 15063.1784<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
       <tr><td><div id='190msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#190msgdesc'>See details ></a></td><td>OS Build 15063.1689<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489871' target='_blank'>KB4489871</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='234msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. <br><br><a href = '#234msgdesc'>See details ></a></td><td>OS Build 15063.1716<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489888' target='_blank'>KB4489888</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='222msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#222msgdesc'>See details ></a></td><td>OS Build 15063.1563<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480973' target='_blank'>KB4480973</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -57,6 +58,15 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 15063.1784<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: March 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
index e030af13f9..bba8c8dac9 100644
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@@ -32,7 +32,9 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
-      <tr><td><div id='189msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#189msgdesc'>See details ></a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='361msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#361msgdesc'>See details ></a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>May 14, 2019 <br>01:18 PM PT</td></tr>
+      <tr><td><div id='347msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#347msgdesc'>See details ></a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='233msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. <br><br><a href = '#233msgdesc'>See details ></a></td><td>OS Build 16299.1059<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489890' target='_blank'>KB4489890</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='221msg'></div><b>MSXML6 causes applications to stop responding if an exception was thrown</b><br>MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#221msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='143msg'></div><b>Stop error when attempting to start SSH from WSL</b><br>A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.<br><br><a href = '#143msgdesc'>See details ></a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -57,12 +59,30 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
+- title: April 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='361msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4499179\" target=\"_blank\">KB4499179</a>.</div><br><a href ='#361msg'>Back to top</a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
+      </table>
+      "
+
 - title: March 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='189msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489886\" target=\"_blank\">KB4489886</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><br><a href ='#189msg'>Back to top</a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='347msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489886\" target=\"_blank\">KB4489886</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><br><a href ='#347msg'>Back to top</a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='233msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue is resolved in <a href=\"https://support.microsoft.com/help/4493441\" target=\"_blank\">KB4493441</a>.</div><br><a href ='#233msg'>Back to top</a></td><td>OS Build 16299.1059<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489890' target='_blank'>KB4489890</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 19, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='143msgdesc'></div><b>Stop error when attempting to start SSH from WSL</b><div>After applying <a href=\"https://support.microsoft.com/help/4489886\" target=\"_blank\">KB4489886</a>, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue is resolved in <a href=\"https://support.microsoft.com/help/4493441\" target=\"_blank\">KB4493441</a>.</div><br><a href ='#143msg'>Back to top</a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml
index 8eaaa3f3c9..648957035b 100644
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@@ -32,6 +32,8 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='362msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#362msgdesc'>See details ></a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
       <tr><td><div id='188msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#188msgdesc'>See details ></a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='232msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may  stop working and a blue screen may appear at startup. <br><br><a href = '#232msgdesc'>See details ></a></td><td>OS Build 17134.677<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489894' target='_blank'>KB4489894</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='194msg'></div><b>First character of the Japanese era name not recognized</b><br>The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.<br><br><a href = '#194msgdesc'>See details ></a></td><td>OS Build 17134.556<br><br>January 15, 2019<br><a href ='https://support.microsoft.com/help/4480976' target='_blank'>KB4480976</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4487029' target='_blank'>KB4487029</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -62,6 +64,24 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
+- title: April 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='362msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493437\" target=\"_blank\">KB4493437</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4499167\" target=\"_blank\">KB4499167</a>.</div><br><a href ='#362msg'>Back to top</a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
+      </table>
+      "
+
 - title: March 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index 9e6e80d5cc..855e793e90 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -32,6 +32,12 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='377msg'></div><b>Windows 10, version 1809 update history may show an update installed twice</b><br>Some customers are reporting that KB4494441 installed twice on their device<br><br><a href = '#377msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>02:37 PM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='373msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#373msgdesc'>See details ></a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
+      <tr><td><div id='355msg'></div><b>Latest cumulative update (KB 4495667) installs automatically</b><br>Reports that the optional cumulative update (KB 4495667) installs automatically.<br><br><a href = '#355msgdesc'>See details ></a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 08, 2019 <br>03:37 PM PT</td></tr>
+      <tr><td><div id='352msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809<br><br><a href = '#352msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 08, 2019 <br>03:30 PM PT</td></tr>
+      <tr><td><div id='349msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#349msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>May 03, 2019 <br>12:40 PM PT</td></tr>
       <tr><td><div id='231msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may  stop working and a blue screen may appear at startup. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 17763.404<br><br>April 02, 2019<br><a href ='https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='240msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='219msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#219msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -65,11 +71,24 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='377msgdesc'></div><b>Windows 10, version 1809 update history may show an update installed twice</b><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809</li></ul><div></div><div><strong>Cause:</strong></div><div>In certain situations, installing an update requires multiple download and restart steps. In cases where two intermediate steps of the installation complete successfully, the <strong>View your Update history</strong> page will report that installation completed successfully twice.&nbsp;</div><div><br></div><div><strong>Resolution:</strong></div><div>No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. We are working on improving this update experience to ensure the <strong>Update history</strong> correctly reflects the installation of the latest cumulative update (LCU).</div><br><a href ='#377msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 16, 2019 <br>02:37 PM PT<br><br>Opened:<br>May 14, 2019 <br>02:56 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='373msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4495667\" target=\"_blank\">KB4495667</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4494441\" target=\"_blank\">KB4494441</a>.</div><br><a href ='#373msg'>Back to top</a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 14, 2019 <br>01:19 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='355msgdesc'></div><b>Latest cumulative update (KB 4495667) installs automatically</b><div>Due to a servicing side issue some users were offered <a href=\"https://support.microsoft.com/help/4495667\" target=\"_blank\">KB4495667</a> (optional update) automatically and rebooted devices.  This issue has been mitigated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>:<strong> </strong>This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.</div><div> </div><br><a href ='#355msg'>Back to top</a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 08, 2019 <br>03:37 PM PT<br><br>Opened:<br>May 05, 2019 <br>12:01 PM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='352msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).</div><div><br></div><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> ArcaBit has released an update to address this issue for affected platforms. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">ArcaBit support article</a>.</div><div><br></div><div><strong>Resolution:</strong> This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).</div><br><a href ='#352msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 08, 2019 <br>03:30 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 17763.404<br><br>April 02, 2019<br><a href ='https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 02, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
@@ -79,6 +98,7 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='349msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites</div><ol><li>Go to <strong>Tools &gt; Internet options </strong>&gt;<strong> Security</strong>.</li><li>Within <strong>Select a zone to view of change security settings</strong>, select <strong>Local intranet</strong> and then select <strong>Enable Protected Mode</strong>.</li><li>Select <strong>Trusted Sites</strong> and then select <strong>Enable Protected Mode</strong>.&nbsp;</li><li>Select&nbsp;<strong>OK</strong>.</li></ol><div>You must restart the browser after making these changes.</div><div><br></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4495667\" target=\"_blank\">KB4495667</a>.</div><br><a href ='#349msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved:<br>May 03, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='158msgdesc'></div><b>Apps may stop working after selecting an audio output device other than the default</b><div>After installing <a href=\"https:\\\\support.microsoft.com\\help\\4482887\" target=\"_blank\">KB4482887</a> on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the \"Default Audio Device\". Examples of applications that may stop working include:&nbsp;</div><ul><li>Windows Media Player&nbsp;</li><li>Realtek HD Audio Manager&nbsp;</li><li>Sound Blaster Control Panel&nbsp;</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4490481\" target=\"_blank\">KB4490481</a>.&nbsp;</div><br><a href ='#158msg'>Back to top</a></td><td>OS Build 17763.348<br><br>March 01, 2019<br><a href ='https://support.microsoft.com/help/4482887' target='_blank'>KB4482887</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved:<br>April 02, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 01, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
index d034127b65..31f6940a15 100644
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -32,6 +32,10 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='372msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#372msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:23 PM PT</td></tr>
+      <tr><td><div id='370msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#370msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:22 PM PT</td></tr>
+      <tr><td><div id='366msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#366msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
+      <tr><td><div id='357msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#357msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>May 14, 2019 <br>01:17 PM PT</td></tr>
       <tr><td><div id='268msg'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><br>Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.<br><br><a href = '#268msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='262msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#262msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480970' target='_blank'>KB4480970</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='266msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#266msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -60,6 +64,9 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='372msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#372msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:23 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='370msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#370msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:22 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='366msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#366msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='268msgdesc'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><div>Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a> and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> Avast has released emergency updates to address this issue. For more information and AV update schedule, see the <a href=\"https://kb.support.business.avast.com/GetPublicArticle?title=Windows-machines-running-Avast-for-Business-and-Cloud-Care-Freezing-on-Start-up\" target=\"_blank\">Avast support KB article</a>.</div><br><a href ='#268msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
@@ -69,6 +76,7 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='357msgdesc'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4499164\" target=\"_blank\">KB4499164</a>.</div><br><a href ='#357msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='266msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><br><a href ='#266msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='267msgdesc'></div><b>NETDOM.EXE fails to run</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><br><a href ='#267msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
index 1ef62bfe75..ee156496ae 100644
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@@ -32,6 +32,10 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='371msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#371msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:22 PM PT</td></tr>
+      <tr><td><div id='369msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#369msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:22 PM PT</td></tr>
+      <tr><td><div id='365msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#365msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
       <tr><td><div id='284msg'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><br>Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.<br><br><a href = '#284msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='273msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#273msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='274msg'></div><b>MSXML6 may cause applications to stop responding.</b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#274msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -55,11 +59,23 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='371msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#371msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:22 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='369msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#369msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:22 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='365msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#365msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='284msgdesc'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><div>Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446 </a>and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution</strong>: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the <a href=\"https://kb.support.business.avast.com/GetPublicArticle?title=Windows-machines-running-Avast-for-Business-and-Cloud-Care-Freezing-on-Start-up\" target=\"_blank\">Avast support KB article</a>.</div><br><a href ='#284msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
index fe19c4b36e..ce9f607c54 100644
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
@@ -32,6 +32,9 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='368msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#368msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
+      <tr><td><div id='364msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#364msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
+      <tr><td><div id='359msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#359msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499149' target='_blank'>KB4499149</a></td><td>May 14, 2019 <br>01:18 PM PT</td></tr>
       <tr><td><div id='295msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#295msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487023' target='_blank'>KB4487023</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='299msg'></div><b>NETDOM.EXE fails to run</b><br>NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.<br><br><a href = '#299msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='296msg'></div><b>First character of the Japanese era name not recognized as an abbreviation</b><br>The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.<br><br><a href = '#296msgdesc'>See details ></a></td><td>January 17, 2019<br><a href ='https://support.microsoft.com/help/4480974' target='_blank'>KB4480974</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>March 12, 2019 <br>10:00 AM PT</td></tr>
@@ -50,11 +53,22 @@ sections:
         <div>
         </div> 
       "
+- title: April 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='368msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#368msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:19 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      </table>
+      "
+
 - title: March 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='359msgdesc'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><div>After installing <a href=\"https://support.microsoft.com/help/4489880\" target=\"_blank\">KB4489880</a>, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href=\"https://support.microsoft.com/help/4499149\" target=\"_blank\">KB4499149</a>.</div><br><a href ='#359msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499149' target='_blank'>KB4499149</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='299msgdesc'></div><b>NETDOM.EXE fails to run</b><div>After installing <a href=\"https://support.microsoft.com/help/4489880\" target=\"_blank\">KB4489880</a>, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution</strong>: This issue is resolved in <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><br><a href ='#299msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml
index b2a7ce07c1..29b626f7e4 100644
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ b/windows/release-information/resolved-issues-windows-server-2012.yml
@@ -32,6 +32,9 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='367msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#367msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
+      <tr><td><div id='363msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#363msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
       <tr><td><div id='308msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#308msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='307msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#307msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='315msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#315msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487025' target='_blank'>KB4487025</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@@ -53,6 +56,25 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
+- title: April 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='367msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#367msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='363msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#363msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:19 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      </table>
+      "
+
 - title: February 2019
 - items:
   - type: markdown
diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml
index 3cab3fb9e9..06f6038d30 100644
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@@ -60,10 +60,8 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>OS Build 10240.18210<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498353' target='_blank'>KB4498353</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
       <tr><td><div id='323msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#323msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='224msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). <br><br><a href = '#224msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='192msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#192msgdesc'>See details ></a></td><td>OS Build 10240.18158<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489872' target='_blank'>KB4489872</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='331msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#331msgdesc'>See details ></a></td><td>OS Build 10240.18132<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487018' target='_blank'>KB4487018</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -74,21 +72,12 @@ sections:
         <div>
         </div> 
       "
-- title: March 2019
+- title: May 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='192msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489872\" target=\"_blank\">KB4489872</a>, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4493475\" target=\"_blank\">KB4493475</a>.</div><br><a href ='#192msg'>Back to top</a></td><td>OS Build 10240.18158<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489872' target='_blank'>KB4489872</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='331msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493475\" target=\"_blank\">KB4493475</a>.&nbsp;</div><br><a href ='#331msg'>Back to top</a></td><td>OS Build 10240.18132<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487018' target='_blank'>KB4487018</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>OS Build 10240.18210<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498353' target='_blank'>KB4498353</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
       </table>
       "
 
@@ -98,6 +87,5 @@ sections:
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='323msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#323msg'>Back to top</a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='224msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480962\" target=\"_blank\">KB4480962</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href=\"https://support.microsoft.com/help/4493475\" target=\"_blank\">KB4493475</a>.</div><br><a href ='#224msg'>Back to top</a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493475' target='_blank'>KB4493475</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index b22aced938..aeafa10fe1 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -60,17 +60,15 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='335msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#335msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
       <tr><td><div id='135msg'></div><b>Cluster service may fail if the minimum password length is set to greater than 14</b><br>The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.<br><br><a href = '#135msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='238msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.<br><br><a href = '#238msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='149msg'></div><b>SCVMM cannot enumerate and manage logical switches deployed on the host</b><br>For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.<br><br><a href = '#149msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='322msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#322msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='142msg'></div><b>Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM</b><br>Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.<br><br><a href = '#142msgdesc'>See details ></a></td><td>OS Build 14393.2608<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467691' target='_blank'>KB4467691</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 19, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='360msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>May 14, 2019 <br>01:18 PM PT</td></tr>
       <tr><td><div id='191msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#191msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='235msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. <br><br><a href = '#235msgdesc'>See details ></a></td><td>OS Build 14393.2879<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489889' target='_blank'>KB4489889</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='241msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='223msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode(). <br><br><a href = '#223msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='330msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#330msgdesc'>See details ></a></td><td>OS Build 14393.2791<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487026' target='_blank'>KB4487026</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -81,12 +79,22 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='335msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493473\" target=\"_blank\">KB4493473</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#335msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493473\" target=\"_blank\">KB4493473</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4494440\" target=\"_blank\">KB4494440</a>.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
       </table>
       "
 
@@ -98,16 +106,6 @@ sections:
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='238msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489882\" target=\"_blank\">KB4489882</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:</div><div><br></div><div><strong>Option 1:</strong></div><div>Open an Administrator Command prompt and type the following:</div><pre class=\"ql-syntax\" spellcheck=\"false\">Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
 </pre><div><br></div><div><strong>Option 2:</strong></div><div>Use the Windows Deployment Services UI to make the following adjustment:</div><ol><li>Open Windows Deployment Services from Windows Administrative Tools.</li><li>Expand Servers and right-click a WDS server.</li><li>Open its properties and clear the <strong>Enable Variable Window Extension</strong> box on the TFTP tab.</li></ol><div><strong>Option 3:</strong></div><div>Set the following registry value to 0:</div><div>HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension</div><div><br></div><div>Restart the WDSServer service after disabling the Variable Window Extension.</div><div><br></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#238msg'>Back to top</a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='191msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489882\" target=\"_blank\">KB4489882</a>, Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:&nbsp;</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493473\" target=\"_blank\">KB4493473</a>.&nbsp;</div><br><a href ='#191msg'>Back to top</a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='235msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4493470\" target=\"_blank\">KB4493470</a>.</div><br><a href ='#235msg'>Back to top</a></td><td>OS Build 14393.2879<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489889' target='_blank'>KB4489889</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 19, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='330msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493470\" target=\"_blank\">KB4493470</a>.&nbsp;</div><br><a href ='#330msg'>Back to top</a></td><td>OS Build 14393.2791<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487026' target='_blank'>KB4487026</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -117,8 +115,6 @@ sections:
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; &nbsp;Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#322msg'>Back to top</a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><div>After installing <a href=\"https://support.microsoft.com/help/4480961\" target=\"_blank\">KB4480961</a>, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:</div><ul><li>Cache size and location show zero or empty.</li><li>Keyboard shortcuts may not work properly.</li><li>Webpages may intermittently fail to load or render correctly.</li><li>Issues with credential prompts.</li><li>Issues when downloading files.</li></ul><div></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2;&nbsp;Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href=\"https://support.microsoft.com/help/4493470\" target=\"_blank\">KB4493470</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='223msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480961\" target=\"_blank\">KB4480961</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild(), insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href=\"https://support.microsoft.com/help/4493470\" target=\"_blank\">KB4493470</a>.</div><br><a href ='#223msg'>Back to top</a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493470' target='_blank'>KB4493470</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml
index 10d69d6cc5..0135d1935a 100644
--- a/windows/release-information/status-windows-10-1703.yml
+++ b/windows/release-information/status-windows-10-1703.yml
@@ -60,11 +60,10 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>OS Build 15063.1805<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
       <tr><td><div id='321msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#321msgdesc'>See details ></a></td><td>OS Build 15063.1563<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480973' target='_blank'>KB4480973</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 15063.1784<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
       <tr><td><div id='190msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#190msgdesc'>See details ></a></td><td>OS Build 15063.1689<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489871' target='_blank'>KB4489871</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='234msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. <br><br><a href = '#234msgdesc'>See details ></a></td><td>OS Build 15063.1716<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489888' target='_blank'>KB4489888</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='222msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#222msgdesc'>See details ></a></td><td>OS Build 15063.1563<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480973' target='_blank'>KB4480973</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='329msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#329msgdesc'>See details ></a></td><td>OS Build 15063.1631<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487020' target='_blank'>KB4487020</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -75,22 +74,22 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>OS Build 15063.1805<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 15063.1784<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: March 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='190msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489871\" target=\"_blank\">KB4489871</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493436\" target=\"_blank\">KB4493436</a>.&nbsp;</div><br><a href ='#190msg'>Back to top</a></td><td>OS Build 15063.1689<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489871' target='_blank'>KB4489871</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493436' target='_blank'>KB4493436</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='234msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href=\"https://support.microsoft.com/help/4493474\" target=\"_blank\">KB4493474</a>.</div><br><a href ='#234msg'>Back to top</a></td><td>OS Build 15063.1716<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489888' target='_blank'>KB4489888</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 19, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='329msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493474\" target=\"_blank\">KB4493474</a>.&nbsp;</div><br><a href ='#329msg'>Back to top</a></td><td>OS Build 15063.1631<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487020' target='_blank'>KB4487020</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -100,6 +99,5 @@ sections:
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='321msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#321msg'>Back to top</a></td><td>OS Build 15063.1563<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480973' target='_blank'>KB4480973</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='222msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480973\" target=\"_blank\">KB4480973</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild(), insertBefore(),</strong> and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href=\"https://support.microsoft.com/help/4493474\" target=\"_blank\">KB4493474</a>.</div><br><a href ='#222msg'>Back to top</a></td><td>OS Build 15063.1563<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480973' target='_blank'>KB4480973</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493474' target='_blank'>KB4493474</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index 45e3ada4b8..c14a086487 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -60,13 +60,11 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='334msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#334msgdesc'>See details ></a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
       <tr><td><div id='320msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#320msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='189msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#189msgdesc'>See details ></a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='233msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. <br><br><a href = '#233msgdesc'>See details ></a></td><td>OS Build 16299.1059<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489890' target='_blank'>KB4489890</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='221msg'></div><b>MSXML6 causes applications to stop responding if an exception was thrown</b><br>MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#221msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='143msg'></div><b>Stop error when attempting to start SSH from WSL</b><br>A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.<br><br><a href = '#143msgdesc'>See details ></a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='328msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#328msgdesc'>See details ></a></td><td>OS Build 16299.967<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4486996' target='_blank'>KB4486996</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='361msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#361msgdesc'>See details ></a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>May 14, 2019 <br>01:18 PM PT</td></tr>
+      <tr><td><div id='347msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#347msgdesc'>See details ></a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       </table>
       "
 
@@ -77,12 +75,22 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='334msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#334msg'>Back to top</a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='361msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4499179\" target=\"_blank\">KB4499179</a>.</div><br><a href ='#361msg'>Back to top</a></td><td>OS Build 16299.1127<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499179' target='_blank'>KB4499179</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
       </table>
       "
 
@@ -91,18 +99,7 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='189msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489886\" target=\"_blank\">KB4489886</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><br><a href ='#189msg'>Back to top</a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='233msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue is resolved in <a href=\"https://support.microsoft.com/help/4493441\" target=\"_blank\">KB4493441</a>.</div><br><a href ='#233msg'>Back to top</a></td><td>OS Build 16299.1059<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489890' target='_blank'>KB4489890</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 19, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='143msgdesc'></div><b>Stop error when attempting to start SSH from WSL</b><div>After applying <a href=\"https://support.microsoft.com/help/4489886\" target=\"_blank\">KB4489886</a>, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue is resolved in <a href=\"https://support.microsoft.com/help/4493441\" target=\"_blank\">KB4493441</a>.</div><br><a href ='#143msg'>Back to top</a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='328msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493441\" target=\"_blank\">KB4493441</a>.&nbsp;</div><br><a href ='#328msg'>Back to top</a></td><td>OS Build 16299.967<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4486996' target='_blank'>KB4486996</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='347msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489886\" target=\"_blank\">KB4489886</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493440\" target=\"_blank\">KB4493440</a>.&nbsp;</div><br><a href ='#347msg'>Back to top</a></td><td>OS Build 16299.1029<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489886' target='_blank'>KB4489886</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493440' target='_blank'>KB4493440</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -112,6 +109,5 @@ sections:
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='320msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#320msg'>Back to top</a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='221msgdesc'></div><b>MSXML6 causes applications to stop responding if an exception was thrown</b><div>After installing <a href=\"https://support.microsoft.com/help/4480978\" target=\"_blank\">KB4480978</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild(), insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493441\" target=\"_blank\">KB4493441</a>.</div><br><a href ='#221msg'>Back to top</a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493441' target='_blank'>KB4493441</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index 3e58d9c048..b9de2829d9 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -60,15 +60,12 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='333msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#333msgdesc'>See details ></a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
       <tr><td><div id='237msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.<br><br><a href = '#237msgdesc'>See details ></a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='319msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#319msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='362msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#362msgdesc'>See details ></a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
       <tr><td><div id='188msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#188msgdesc'>See details ></a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='232msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may  stop working and a blue screen may appear at startup. <br><br><a href = '#232msgdesc'>See details ></a></td><td>OS Build 17134.677<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489894' target='_blank'>KB4489894</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='194msg'></div><b>First character of the Japanese era name not recognized</b><br>The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.<br><br><a href = '#194msgdesc'>See details ></a></td><td>OS Build 17134.556<br><br>January 15, 2019<br><a href ='https://support.microsoft.com/help/4480976' target='_blank'>KB4480976</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4487029' target='_blank'>KB4487029</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='220msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#220msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='144msg'></div><b>Stop error when attempting to start SSH from WSL</b><br>A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.<br><br><a href = '#144msgdesc'>See details ></a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='327msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#327msgdesc'>See details ></a></td><td>OS Build 17134.590<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487017' target='_blank'>KB4487017</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -79,12 +76,22 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='333msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493437\" target=\"_blank\">KB4493437</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#333msg'>Back to top</a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='362msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4493437\" target=\"_blank\">KB4493437</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4499167\" target=\"_blank\">KB4499167</a>.</div><br><a href ='#362msg'>Back to top</a></td><td>OS Build 17134.753<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 25, 2019 <br>02:00 PM PT</td></tr>
       </table>
       "
 
@@ -96,17 +103,6 @@ sections:
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='237msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489868\" target=\"_blank\">KB4489868</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:</div><div><br></div><div><strong>Option 1:</strong>&nbsp;</div><div>Open an Administrator Command prompt and type the following:&nbsp;&nbsp;</div><pre class=\"ql-syntax\" spellcheck=\"false\">Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
 </pre><div><br></div><div>&nbsp;<strong>Option 2:</strong>&nbsp;</div><div>Use the Windows Deployment Services UI to make the following adjustment:&nbsp;&nbsp;</div><ol><li>Open Windows Deployment Services from Windows Administrative Tools.&nbsp;</li><li>Expand Servers and right-click a WDS server.&nbsp;</li><li>Open its properties and clear the <strong>Enable Variable Window Extension </strong>box on the TFTP tab.&nbsp;&nbsp;</li></ol><div><strong>Option 3:</strong>&nbsp;</div><div>Set the following registry value to 0:</div><div>HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension&nbsp;&nbsp;</div><div><br></div><div>Restart the WDSServer service after disabling the Variable Window Extension.&nbsp;</div><div>&nbsp;</div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#237msg'>Back to top</a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='188msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489868\" target=\"_blank\">KB4489868</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493437\" target=\"_blank\">KB4493437</a>.&nbsp;</div><br><a href ='#188msg'>Back to top</a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493437' target='_blank'>KB4493437</a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='232msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution</strong>: This issue was resolved in <a href=\"https://support.microsoft.com/help/4493464\" target=\"_blank\">KB4493464</a>.&nbsp;</div><br><a href ='#232msg'>Back to top</a></td><td>OS Build 17134.677<br><br>March 19, 2019<br><a href ='https://support.microsoft.com/help/4489894' target='_blank'>KB4489894</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 19, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='144msgdesc'></div><b>Stop error when attempting to start SSH from WSL</b><div>After applying <a href=\"https://support.microsoft.com/help/4489868\" target=\"_blank\">KB4489868</a>, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution</strong>: This issue was resolved in <a href=\"https://support.microsoft.com/help/4493464\" target=\"_blank\">KB4493464</a>.</div><br><a href ='#144msg'>Back to top</a></td><td>OS Build 17134.648<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489868' target='_blank'>KB4489868</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='327msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493464\" target=\"_blank\">KB4493464</a>.&nbsp;</div><br><a href ='#327msg'>Back to top</a></td><td>OS Build 17134.590<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487017' target='_blank'>KB4487017</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -116,7 +112,5 @@ sections:
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='319msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#319msg'>Back to top</a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='194msgdesc'></div><b>First character of the Japanese era name not recognized</b><div>After installing <a href=\"https://support.microsoft.com/help/4480976\" target=\"_blank\">KB4480976</a>, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution</strong>: This issue is resolved in <a href=\"https://support.microsoft.com/help/4487029\" target=\"_blank\">KB4487029</a>.&nbsp;</div><br><a href ='#194msg'>Back to top</a></td><td>OS Build 17134.556<br><br>January 15, 2019<br><a href ='https://support.microsoft.com/help/4480976' target='_blank'>KB4480976</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4487029' target='_blank'>KB4487029</a></td><td>Resolved:<br>February 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='220msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480966\" target=\"_blank\">KB4480966</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue was resolved in <a href=\"https://support.microsoft.com/help/4493464\" target=\"_blank\">KB4493464</a>.&nbsp;</div><br><a href ='#220msg'>Back to top</a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493464' target='_blank'>KB4493464</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index 82bcf3314f..e94c90b28d 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -65,16 +65,18 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='325msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#325msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='187msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#187msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>OS Build 17763.502<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
+      <tr><td><div id='346msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F<br><br><a href = '#346msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
+      <tr><td><div id='341msg'></div><b>Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007</b><br>Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.<br><br><a href = '#341msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 02, 2019 <br>04:47 PM PT</td></tr>
       <tr><td><div id='239msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.<br><br><a href = '#239msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='318msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#318msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='167msg'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><br>Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.<br><br><a href = '#167msgdesc'>See details ></a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>March 15, 2019 <br>12:00 PM PT</td></tr>
-      <tr><td><div id='318msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#318msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='231msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may  stop working and a blue screen may appear at startup. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 17763.404<br><br>April 02, 2019<br><a href ='https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='240msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='219msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#219msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='326msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#326msgdesc'>See details ></a></td><td>OS Build 17763.316<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487044' target='_blank'>KB4487044</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='158msg'></div><b>Apps may stop working after selecting an audio output device other than the default</b><br>Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.<br><br><a href = '#158msgdesc'>See details ></a></td><td>OS Build 17763.348<br><br>March 01, 2019<br><a href ='https://support.microsoft.com/help/4482887' target='_blank'>KB4482887</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>April 02, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='377msg'></div><b>Windows 10, version 1809 update history may show an update installed twice</b><br>Some customers are reporting that KB4494441 installed twice on their device<br><br><a href = '#377msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>02:37 PM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='373msg'></div><b>Zone transfers over TCP may fail</b><br>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.<br><br><a href = '#373msgdesc'>See details ></a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
+      <tr><td><div id='355msg'></div><b>Latest cumulative update (KB 4495667) installs automatically</b><br>Reports that the optional cumulative update (KB 4495667) installs automatically.<br><br><a href = '#355msgdesc'>See details ></a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 08, 2019 <br>03:37 PM PT</td></tr>
+      <tr><td><div id='352msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809<br><br><a href = '#352msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 08, 2019 <br>03:30 PM PT</td></tr>
+      <tr><td><div id='349msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#349msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>May 03, 2019 <br>12:40 PM PT</td></tr>
       </table>
       "
 
@@ -85,13 +87,27 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>OS Build 17763.502<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='346msgdesc'></div><b>Devices with some Asian language packs installed may receive an error</b><div>After installing the April 2019 Cumulative Update (<a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong></div><ol><li>Uninstall and reinstall any recently added language packs.&nbsp;For instructions, see \"<a href=\"https://support.microsoft.com/help/4496404/windows-10-manage-the-input-and-display-language\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>\".</li><li>Click <strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see \"<a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>\".</li></ol><div><strong>Note: </strong>If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</div><ol><li class=\"ql-indent-1\">Go to <strong>Settings app</strong> -&gt; <strong>Recovery</strong>.</li><li class=\"ql-indent-1\">Click on <strong>Get Started</strong> under <strong>\"Reset this PC\"</strong> recovery option.</li><li class=\"ql-indent-1\">Select <strong>\"Keep my Files\"</strong>.</li></ol><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#346msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>10:59 AM PT<br><br>Opened:<br>May 02, 2019 <br>04:36 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='341msgdesc'></div><b>Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007</b><div>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong>You can use another browser, such as Internet Explorer to print your documents.</div><div>&nbsp;</div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#341msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 02, 2019 <br>04:47 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:47 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='377msgdesc'></div><b>Windows 10, version 1809 update history may show an update installed twice</b><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809</li></ul><div></div><div><strong>Cause:</strong></div><div>In certain situations, installing an update requires multiple download and restart steps. In cases where two intermediate steps of the installation complete successfully, the <strong>View your Update history</strong> page will report that installation completed successfully twice.&nbsp;</div><div><br></div><div><strong>Resolution:</strong></div><div>No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. We are working on improving this update experience to ensure the <strong>Update history</strong> correctly reflects the installation of the latest cumulative update (LCU).</div><br><a href ='#377msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 16, 2019 <br>02:37 PM PT<br><br>Opened:<br>May 14, 2019 <br>02:56 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='373msgdesc'></div><b>Zone transfers over TCP may fail</b><div>Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing <a href=\"https://support.microsoft.com/help/4495667\" target=\"_blank\">KB4495667</a>.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016&nbsp;</li><li>Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4494441\" target=\"_blank\">KB4494441</a>.</div><br><a href ='#373msg'>Back to top</a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 14, 2019 <br>01:19 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='355msgdesc'></div><b>Latest cumulative update (KB 4495667) installs automatically</b><div>Due to a servicing side issue some users were offered <a href=\"https://support.microsoft.com/help/4495667\" target=\"_blank\">KB4495667</a> (optional update) automatically and rebooted devices.  This issue has been mitigated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>:<strong> </strong>This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.</div><div> </div><br><a href ='#355msg'>Back to top</a></td><td>OS Build 17763.475<br><br>May 03, 2019<br><a href ='https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 08, 2019 <br>03:37 PM PT<br><br>Opened:<br>May 05, 2019 <br>12:01 PM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='325msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.&nbsp;</div><div>&nbsp;</div><div>Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#325msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><div>If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 17763.404<br><br>April 02, 2019<br><a href ='https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>April 02, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='352msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).</div><div><br></div><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> ArcaBit has released an update to address this issue for affected platforms. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">ArcaBit support article</a>.</div><div><br></div><div><strong>Resolution:</strong> This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).</div><br><a href ='#352msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 08, 2019 <br>03:30 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -100,19 +116,9 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='187msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites</div><ol><li>Go to <strong>Tools &gt; Internet options </strong>&gt;<strong> Security</strong>.</li><li>Within <strong>Select a zone to view of change security settings</strong>, select <strong>Local intranet</strong> and then select <strong>Enable Protected Mode</strong>.</li><li>Select <strong>Trusted Sites</strong> and then select <strong>Enable Protected Mode</strong>.&nbsp;</li><li>Select&nbsp;<strong>OK</strong>.</li></ol><div>You must restart the browser after making these changes.&nbsp;</div><div>&nbsp;</div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#187msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='239msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:</div><div><br></div><div><strong>Option 1:</strong></div><div>Open an Administrator Command prompt and type the following:</div><pre class=\"ql-syntax\" spellcheck=\"false\">Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No&nbsp;
 </pre><div><br></div><div><strong>Option 2:</strong></div><div>Use the Windows Deployment Services UI to make the following adjustment:&nbsp;</div><ol><li>Open Windows Deployment Services from Windows Administrative Tools.&nbsp;</li><li>Expand Servers and right-click a WDS server.&nbsp;</li><li>Open its properties and clear the <strong>Enable Variable Window Extension</strong> box on the TFTP tab.</li></ol><div><strong>Option 3:</strong></div><div>Set the following registry value to 0:</div><div>HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension&nbsp;&nbsp;</div><div><br></div><div>Restart the WDSServer service after disabling the Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#239msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='158msgdesc'></div><b>Apps may stop working after selecting an audio output device other than the default</b><div>After installing <a href=\"https:\\\\support.microsoft.com\\help\\4482887\" target=\"_blank\">KB4482887</a> on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the \"Default Audio Device\". Examples of applications that may stop working include:&nbsp;</div><ul><li>Windows Media Player&nbsp;</li><li>Realtek HD Audio Manager&nbsp;</li><li>Sound Blaster Control Panel&nbsp;</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4490481\" target=\"_blank\">KB4490481</a>.&nbsp;</div><br><a href ='#158msg'>Back to top</a></td><td>OS Build 17763.348<br><br>March 01, 2019<br><a href ='https://support.microsoft.com/help/4482887' target='_blank'>KB4482887</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved:<br>April 02, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 01, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='326msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 &nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 &nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.&nbsp;&nbsp;</div><br><a href ='#326msg'>Back to top</a></td><td>OS Build 17763.316<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487044' target='_blank'>KB4487044</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='349msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites</div><ol><li>Go to <strong>Tools &gt; Internet options </strong>&gt;<strong> Security</strong>.</li><li>Within <strong>Select a zone to view of change security settings</strong>, select <strong>Local intranet</strong> and then select <strong>Enable Protected Mode</strong>.</li><li>Select <strong>Trusted Sites</strong> and then select <strong>Enable Protected Mode</strong>.&nbsp;</li><li>Select&nbsp;<strong>OK</strong>.</li></ol><div>You must restart the browser after making these changes.</div><div><br></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4495667\" target=\"_blank\">KB4495667</a>.</div><br><a href ='#349msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4495667' target='_blank'>KB4495667</a></td><td>Resolved:<br>May 03, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -121,9 +127,7 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='318msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#318msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>January 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='240msgdesc'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><div>After installing <a href=\"https://support.microsoft.com/help/4480116\" target=\"_blank\">KB4480116</a>, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:&nbsp;</div><ul><li>Cache size and location show zero or empty.&nbsp;</li><li>Keyboard shortcuts may not work properly.&nbsp;</li><li>Webpages may intermittently fail to load or render correctly.&nbsp;</li><li>Issues with credential prompts.&nbsp;</li><li>Issues when downloading files.&nbsp;</li></ul><div></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2;&nbsp;Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution</strong>: This issue was resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.&nbsp;</div><br><a href ='#240msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='219msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480116\" target=\"_blank\">KB4480116</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div>&nbsp;</div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.&nbsp;</div><br><a href ='#219msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='318msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#318msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index 9c9b11c520..c470ee3d27 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -60,16 +60,13 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='255msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#255msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='258msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#258msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='254msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#254msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='256msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#256msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
       <tr><td><div id='324msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.<br><br><a href = '#324msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='372msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#372msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:23 PM PT</td></tr>
+      <tr><td><div id='370msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#370msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:22 PM PT</td></tr>
+      <tr><td><div id='366msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#366msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
+      <tr><td><div id='357msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#357msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>May 14, 2019 <br>01:17 PM PT</td></tr>
       <tr><td><div id='268msg'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><br>Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.<br><br><a href = '#268msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='262msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#262msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480970' target='_blank'>KB4480970</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='266msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#266msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='267msg'></div><b>NETDOM.EXE fails to run</b><br>NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.<br><br><a href = '#267msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='332msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#332msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4486563' target='_blank'>KB4486563</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -80,15 +77,24 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='255msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#255msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='254msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#254msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='256msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#256msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='324msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: &nbsp;Windows 8.1; Windows 7 SP1</li><li>Server: &nbsp;Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>Guidance for McAfee customers can be found in the following McAfee support articles:&nbsp;</div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a></li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a></li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a></li></ul><div></div><div><strong>Next steps: </strong>We are presently investigating this issue with McAfee. We will provide an update once we have more information.</div><br><a href ='#324msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='372msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#372msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:23 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='370msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#370msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:22 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='366msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#366msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='268msgdesc'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><div>Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a> and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> Avast has released emergency updates to address this issue. For more information and AV update schedule, see the <a href=\"https://kb.support.business.avast.com/GetPublicArticle?title=Windows-machines-running-Avast-for-Business-and-Cloud-Care-Freezing-on-Start-up\" target=\"_blank\">Avast support KB article</a>.</div><br><a href ='#268msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
@@ -98,26 +104,6 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='258msgdesc'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Workaround:</strong> To mitigate this issue, use one of the following options:</div><ul><li><strong>Option 1:</strong> Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.</li><li><strong>Option 2:</strong> If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.</li><li><strong>Option 3:</strong> Use constrained delegation.</li></ul><div></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#258msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='266msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><br><a href ='#266msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='267msgdesc'></div><b>NETDOM.EXE fails to run</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><br><a href ='#267msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='332msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.&nbsp;</div><div>&nbsp;</div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.&nbsp;</div><div>&nbsp;</div><div><strong>Affected platforms:</strong>&nbsp;&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution: </strong>This issue is resolved in <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.&nbsp;</div><br><a href ='#332msg'>Back to top</a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4486563' target='_blank'>KB4486563</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: January 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='262msgdesc'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><div>After installing <a href=\"https://support.microsoft.com/help/4480970\" target=\"_blank\">KB4480970</a>, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:</div><ul><li>Cache size and location show zero or empty.</li><li>Keyboard shortcuts may not work properly.</li><li>Webpages may intermittently fail to load or render correctly.</li><li>Issues with credential prompts.</li><li>Issues when downloading files.</li></ul><div></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2;&nbsp;Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><br><a href ='#262msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480970' target='_blank'>KB4480970</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='357msgdesc'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><div>After installing <a href=\"https://support.microsoft.com/help/4489878\" target=\"_blank\">KB4489878</a>, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4499164\" target=\"_blank\">KB4499164</a>.</div><br><a href ='#357msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index 4a94eba224..70c10a4997 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -60,17 +60,16 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='282msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#282msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
+      <tr><td><div id='378msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.<br><br><a href = '#378msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
       <tr><td><div id='279msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.<br><br><a href = '#279msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='280msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#280msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='283msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#283msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='285msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.<br><br><a href = '#285msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='336msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.<br><br><a href = '#336msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 18, 2019 <br>05:00 PM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='371msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#371msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:22 PM PT</td></tr>
+      <tr><td><div id='369msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#369msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:22 PM PT</td></tr>
+      <tr><td><div id='365msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#365msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
       <tr><td><div id='284msg'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><br>Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.<br><br><a href = '#284msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='273msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#273msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='274msg'></div><b>MSXML6 may cause applications to stop responding.</b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#274msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='276msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#276msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='286msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#286msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487000' target='_blank'>KB4487000</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -81,15 +80,26 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='378msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#378msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='282msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#282msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='280msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#280msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='283msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#283msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: &nbsp;Windows 8.1; Windows 7 SP1</li><li>Server: &nbsp;Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>Guidance for McAfee customers can be found in the following McAfee support articles:&nbsp;&nbsp;</div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a>&nbsp;</li></ul><div></div><div><strong>Next steps:</strong> We are presently investigating this issue with McAfee. We will provide an update once we have more information.&nbsp;</div><br><a href ='#336msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 18, 2019 <br>05:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='371msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#371msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:22 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='369msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#369msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:22 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='365msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#365msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='284msgdesc'></div><b>Devices may not respond at login or Welcome screen if running certain Avast software</b><div>Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446 </a>and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution</strong>: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the <a href=\"https://kb.support.business.avast.com/GetPublicArticle?title=Windows-machines-running-Avast-for-Business-and-Cloud-Care-Freezing-on-Start-up\" target=\"_blank\">Avast support KB article</a>.</div><br><a href ='#284msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
@@ -101,16 +111,6 @@ sections:
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='279msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489881\" target=\"_blank\">KB4489881</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012&nbsp;</li></ul><div></div><div><strong>Workaround:</strong>&nbsp;To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:</div><div><br></div><div><strong>Option 1:</strong></div><div>Open an Administrator Command prompt and type the following:</div><pre class=\"ql-syntax\" spellcheck=\"false\">Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No
 </pre><div><br></div><div><strong>Option 2:</strong></div><div>Use the Windows Deployment Services UI to make the following adjustment:</div><ol><li>Open Windows Deployment Services from Windows Administrative Tools.</li><li>Expand Servers and right-click a WDS server.</li><li>Open its properties and clear the <strong>Enable Variable Window Extension</strong> box on the TFTP tab.</li></ol><div><strong>Option 3:</strong></div><div>Set the following registry value to 0:</div><div>HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension</div><div><br></div><div>Restart the WDSServer service after disabling the Variable Window Extension.</div><div><br></div><div><strong>Next steps:</strong>&nbsp;Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#279msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='276msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489881\" target=\"_blank\">KB4489881</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><br><a href ='#276msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='286msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.</div><div><br></div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.</div><div><br></div><div><strong>Affected platforms&nbsp;</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;&nbsp;Windows 10, version 1607;&nbsp;Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;&nbsp;Windows 10 Enterprise LTSB 2015;&nbsp;Windows 8.1; Windows 7&nbsp;SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008&nbsp;R2&nbsp;SP1;&nbsp;Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><br><a href ='#286msg'>Back to top</a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487000' target='_blank'>KB4487000</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -120,7 +120,5 @@ sections:
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='285msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround</strong>: Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn’t have CSV ownership.</li></ul><div></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#285msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='273msgdesc'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><div>After installing <a href=\"https://support.microsoft.com/help/4480963\" target=\"_blank\">KB4480963</a>, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:</div><ul><li>Cache size and location show zero or empty.</li><li>Keyboard shortcuts may not work properly.</li><li>Webpages may intermittently fail to load or render correctly.</li><li>Issues with credential prompts.</li><li>Issues when downloading files.</li></ul><div></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2;&nbsp;Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><br><a href ='#273msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='274msgdesc'></div><b>MSXML6 may cause applications to stop responding.</b><div>After installing <a href=\"https://support.microsoft.com/help/4480963\" target=\"_blank\">KB4480963</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><br><a href ='#274msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index 40672e97b4..fc5bd1a5a9 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -60,11 +60,9 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='294msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#294msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='293msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#293msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='300msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#300msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='295msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#295msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487023' target='_blank'>KB4487023</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='299msg'></div><b>NETDOM.EXE fails to run</b><br>NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.<br><br><a href = '#299msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='368msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#368msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
+      <tr><td><div id='364msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#364msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
+      <tr><td><div id='359msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#359msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499149' target='_blank'>KB4499149</a></td><td>May 14, 2019 <br>01:18 PM PT</td></tr>
       </table>
       "
 
@@ -80,8 +78,8 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='294msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps</strong>: We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#294msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='293msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#293msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='368msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#368msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:19 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -90,16 +88,6 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='300msgdesc'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><div>After installing <a href=\"https://support.microsoft.com/help/4489880\" target=\"_blank\">KB4489880</a>, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Workaround:</strong> To mitigate this issue, use one of the following options:</div><ul><li><strong>Option 1:</strong> Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.</li><li><strong>Option 2:</strong> If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.</li><li><strong>Option 3:</strong> Use constrained delegation.</li></ul><div></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#300msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='299msgdesc'></div><b>NETDOM.EXE fails to run</b><div>After installing <a href=\"https://support.microsoft.com/help/4489880\" target=\"_blank\">KB4489880</a>, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution</strong>: This issue is resolved in <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><br><a href ='#299msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='295msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.</div><div><br></div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.</div><div><br></div><div><strong>Affected platforms&nbsp;</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;&nbsp;Windows 10, version 1607;&nbsp;Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;&nbsp;Windows 10 Enterprise LTSB 2015;&nbsp;Windows 8.1; Windows 7&nbsp;SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008&nbsp;R2&nbsp;SP1;&nbsp;Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution</strong>: This issue is resolved in <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><br><a href ='#295msg'>Back to top</a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487023' target='_blank'>KB4487023</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='359msgdesc'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><div>After installing <a href=\"https://support.microsoft.com/help/4489880\" target=\"_blank\">KB4489880</a>, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href=\"https://support.microsoft.com/help/4499149\" target=\"_blank\">KB4499149</a>.</div><br><a href ='#359msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499149' target='_blank'>KB4499149</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index 046f75de26..6c3bdd10c2 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -60,13 +60,13 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='313msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#313msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
+      <tr><td><div id='383msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#383msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
+      <tr><td><div id='378msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.<br><br><a href = '#378msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
       <tr><td><div id='311msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.<br><br><a href = '#311msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='312msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#312msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='314msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.<br><br><a href = '#314msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='308msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#308msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='307msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#307msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td><div id='315msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#315msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487025' target='_blank'>KB4487025</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><div id='379msg'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><br>When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. <br><br><a href = '#379msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>May 15, 2019 <br>05:55 PM PT</td></tr>
+      <tr><td><div id='367msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#367msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:21 PM PT</td></tr>
+      <tr><td><div id='363msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#363msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 14, 2019 <br>01:19 PM PT</td></tr>
       </table>
       "
 
@@ -77,13 +77,24 @@ sections:
         <div>
         </div> 
       "
+- title: May 2019
+- items:
+  - type: markdown
+    text: "
+      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='383msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#383msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='378msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#378msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='379msgdesc'></div><b>Layout and cell size of Excel sheets may change when using MS UI Gothic </b><div>When using the <strong>MS UI Gothic</strong> or <strong>MS PGothic</strong> fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using <strong>MS</strong> <strong>UI Gothic</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution</strong>: This issue has been resolved.</div><br><a href ='#379msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved:<br>May 14, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 10, 2019 <br>10:35 AM PT</td></tr>
+      </table>
+      "
+
 - title: April 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='313msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#313msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='312msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#312msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='367msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has&nbsp;released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#367msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:21 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='363msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#363msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 14, 2019 <br>01:19 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
 
@@ -97,22 +108,11 @@ sections:
       </table>
       "
 
-- title: February 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Embedded objects may display incorrectly</b><div>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.</div><div><br></div><div>For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.</div><div><br></div><div><strong>Affected platforms&nbsp;</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;&nbsp;Windows 10, version 1607;&nbsp;Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;&nbsp;Windows 10 Enterprise LTSB 2015;&nbsp;Windows 8.1; Windows 7&nbsp;SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008&nbsp;R2&nbsp;SP1;&nbsp;Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><br><a href ='#315msg'>Back to top</a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487025' target='_blank'>KB4487025</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>February 12, 2019 <br>10:00 AM PT</td></tr>
-      </table>
-      "
-
 - title: January 2019
 - items:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='314msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><div>Certain operations, such as&nbsp;<strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround:</strong> Do one of the following:</div><ul><li>Perform the operation from a process that has administrator privilege.</li><li>Perform the operation from a node that doesn’t have CSV ownership.</li></ul><div></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#314msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='308msgdesc'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><div>After installing <a href=\"https://support.microsoft.com/help/4480975\" target=\"_blank\">KB4480975</a>, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:</div><ul><li>Cache size and location show zero or empty.</li><li>Keyboard shortcuts may not work properly.</li><li>Webpages may intermittently fail to load or render correctly.</li><li>Issues with credential prompts.</li><li>Issues when downloading files.</li></ul><div></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2;&nbsp;Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><br><a href ='#308msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='307msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480975\" target=\"_blank\">KB4480975</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div><br></div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><br><a href ='#307msg'>Back to top</a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
       </table>
       "
diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml
index 2a4ba41456..65b9ab4d01 100644
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@@ -50,6 +50,24 @@ sections:
     text: "
       <table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
       
+      <tr><td><a href = 'https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates' target='_blank'><b>Reminder: Install the latest SSU for a smoother update experience </b></a><br><div>We strongly recommend that you install the latest servicing stack update (SSU) before installing any Windows update; especially as an SSU may be a prerequisite for some updates. If you have difficulty installing Windows updates, verify that you have installed the latest SSU package for your version of Windows and then try installing the update again. Links to the latest SSU are always provided in the “How to get this update” section of each update KB article (e.g., <a href='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a>).  For more information about SSUs, see our <a href='https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates' target='_blank'>Servicing stack updates</a> guidance.</div></td><td>May 14, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><a href = 'https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/' target='_blank'><b>Take action: Update Remote Desktop Services on older versions of Windows</b></a><br><div>Today, we released fixes for a critical wormable, remote code execution vulnerability (<a href='https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708' target='_blank'>CVE-2019-0708</a>) in Remote Desktop Services—formerly known as Terminal Services. This vulnerability affects Windows 7, Windows Server 2008 R2, and earlier versions of Windows nearing end of support. It does not affect Windows 8, Windows Server 2012, or newer operating systems. While we have not observed attacks exploiting this vulnerability, affected systems should be patched with priority. Here is what you need to know:<br> <br>
+<strong>Call to action:</strong>
+<ul>
+<li>	If you are running a supported version of Windows and have automatic updates enabled, you are automatically protected and do not need to take any action. </li>
+<li>	If you are managing updates on behalf of your organization, you should download the latest updates from the <a href='https://portal.msrc.microsoft.com/' target='_blank'>Microsoft Security Update Guide</a> and apply them to your Windows 7, Windows Server 2008 R2, and Windows Server 2008 devices as soon as possible.</li>
+</ul>
+Given the potential impact to customers and their businesses, we have also released <a href='https://support.microsoft.com/help/4500705' target='_blank'>security updates for Windows XP and Windows Server 2003</a>, even though these operating systems have reached end of support (except by custom support agreements). While we recommend that you upgrade to the current version of Windows to benefit from the latest security protections, these updates are available from the Microsoft Update Catalog only. For more information, see <a href='https://support.microsoft.com/help/4500705' target='_blank'>KB4500705</a>.
+ </div>
+</td><td>May 14, 2019 <br>10:00 AM PT</td></tr>
+      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376' target='_blank'><b>Reminder: Windows 10  update servicing cadence</b></a><br><div>This month we received questions about the cadence of updates we released in April and May 2019. Here's a quick recap of our releases and servicing cadence: <br>
+ <ul>
+<li>	April 9, 2019 was the regular Update Tuesday release for all versions of Windows.</li> 
+<li>	May 1, 2019 was an \"optional,\" out of band non-security update (OOB) for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.</li>
+<li>	May 3, 2019 was the \"optional\" Windows 10, version 1809 \"C\" release for April. This update contained important <a href='https://support.microsoft.com/help/4470918/updates-for-may-2019-japan-era-change' target='_blank'>Japanese era</a> packages for commercial customers to preview. It was released later than expected and mistakenly targeted as \"required\" (instead of \"optional\") for consumers, which pushed the update out to customers and required a reboot. Within 24 hours of receiving customer reports, we corrected the targeting logic and mitigated the issue.</li>
+ </ul>
+ For more information about the Windows 10  update servicing cadence, please see the <a href='https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376' target='_blank'>Window IT Pro blog</a>.</div>
+</td><td>May 10, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><a href = 'https://support.microsoft.com/help/4493730/servicing-stack-update-for-windows-server-2008-sp2' target='_blank'><b>Take action: Install servicing stack update for Windows Server 2008 SP2 for SHA-2 code sign support</b></a><br>A standalone update, KB4493730, that introduce SHA-2 code sign support for the servicing stack (SSU) was released today as a security update.</td><td>April 19, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847' target='_blank'><b>The benefits of Windows 10 Dynamic Update</b></a><br><div>Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed. </div><br>
 
diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md
index 38c26d9546..18d956384e 100644
--- a/windows/security/identity-protection/access-control/microsoft-accounts.md
+++ b/windows/security/identity-protection/access-control/microsoft-accounts.md
@@ -22,7 +22,7 @@ ms.date: 10/13/2017
 
 This topic for the IT professional explains how a Microsoft account works to enhance security and privacy for users, and how you can manage this consumer account type in your organization.
 
-Microsoft sites, services, and properties, as well as computers running Windows 10, can use a Microsoft account as a mean of identifying a user. Microsoft account was previously called Windows Live ID. It has user-defined secrets, and consists of a unique email address and a password.
+Microsoft sites, services, and properties, as well as computers running Windows 10, can use a Microsoft account as a means of identifying a user. Microsoft account was previously called Windows Live ID. It has user-defined secrets, and consists of a unique email address and a password.
 
 When a user signs in with a Microsoft account, the device is connected to cloud services. Many of the user's settings, preferences, and apps can be shared across devices.
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index b315be80ea..63b387c407 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -20,6 +20,7 @@ ms.date: 03/01/2019
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
+-   Windows Server 2019
 
 
 ## Enable Windows Defender Credential Guard
@@ -134,8 +135,7 @@ DG_Readiness_Tool_v3.5.ps1 -Ready
 ```
 
 > [!NOTE]
-
-For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features.
+> For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features.
 
 -   We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard will not help to secure a device or identity that has already been compromised, which is why we recommend turning on Credential Guard as early as possible.
 
@@ -157,13 +157,14 @@ To disable Windows Defender Credential Guard, you can use the following set of p
 1.  If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** -&gt; **Administrative Templates** -&gt; **System** -&gt; **Device Guard** -&gt; **Turn on Virtualization Based Security**).
 2.  Delete the following registry settings:
     - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags
+    - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags
+3.  If you also wish to disable virtualization-based security delete the following registry settings:
     - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity
     - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures
-
     > [!IMPORTANT]
     > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
 
-3.  Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
+4.  Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
 
     ``` syntax
     mountvol X: /s
@@ -171,18 +172,20 @@ To disable Windows Defender Credential Guard, you can use the following set of p
     bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
     bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
-    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
+    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
     bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
-    bcdedit /set hypervisorlaunchtype off
     mountvol X: /d
     ```
 
-2.  Restart the PC.
-3.  Accept the prompt to disable Windows Defender Credential Guard.
-4.  Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.
+5.  Restart the PC.
+6.  Accept the prompt to disable Windows Defender Credential Guard.
+7.  Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard.
 
 > [!NOTE]
-> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
+> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings:
+
+    bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
+    bcdedit /set vsmlaunchtype off
 
 > [!NOTE]
 > Credential Guard and Device Guard are not currently supported when using Azure IaaS VMs. These options will be made available with future Gen 2 VMs.
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index f1d2d6408b..01b67c4951 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -252,7 +252,7 @@ Contains numeric value ranging from 0 to 100 to represent the wireless network's
 <sig_quality>80</sig_quality>
 ```
  
-### Sample Trusted Signal Congfigurations
+### Sample Trusted Signal Configurations
 
 These examples are wrapped for readability.  Once properly formatted, the entire XML contents must be a single line.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
index ebb6eed030..680fe15627 100644
--- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
+++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
@@ -24,21 +24,21 @@ ms.date: 08/20/2018
 
 ## How many is adequate
 
-How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic.  Windows Server 2016 includes the KDC AS Requests performance counter.  You can use these counters to determine how much of a domain controllers load is due to initial Kerberos authentication.  It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication--it remains unchanged.
+How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic.  Windows Server 2016 includes the KDC AS Requests performance counter.  You can use these counters to determine how much of a domain controller's load is due to initial Kerberos authentication.  It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication--it remains unchanged.
 
 Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys.  This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers.  Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 domain controller.
   
-Determining an adequate number of Windows Server 2016 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2016) to a deployment of existing domain controllers (Windows Server 2008R2 or Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on".   To illustrate the "piling on" concept, consider the following scenario.
+Determining an adequate number of Windows Server 2016 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2016) to a deployment of existing domain controllers (Windows Server 2008R2 or Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on".   To illustrate the "piling on" concept, consider the following scenario:
  
-Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment.  The Kerberos AS requests load would look something like the following.
+Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment.  The Kerberos AS requests load would look something like the following:
 
 ![dc-chart1](images/plan/dc-chart1.png)
 
-The environment changes.  The first change includes DC1 upgraded to Windows Server 2016 to support Windows Hello for Business key-trust authentication. Next, 100 clients enroll for Windows Hello for Business using the public key trust deployment.   Given all other factors stay constant, the authentication would now look like the following.
+The environment changes.  The first change includes DC1 upgraded to Windows Server 2016 to support Windows Hello for Business key-trust authentication. Next, 100 clients enroll for Windows Hello for Business using the public key trust deployment.   Given all other factors stay constant, the authentication would now look like the following:
 
 ![dc-chart2](images/plan/dc-chart2.png)
 
-The Windows Server 2016 domain controller is handling 100 percent of all public key trust authentication.  However, it is also handling 10 percent of the password authentication. Why?  This behavior occurs because domain controllers 2- 10 only support password and certificate trust authentication; only a Windows Server 2016 domain controller supports authentication public key trust authentication.  The Windows Server 2016 domain controller understands how to authenticate password and certificate trust authentication and will continue to share the load of authenticating those clients.  Because DC1 can handle all forms of authentication, it will be bear more of the authentication load, and easily become overloaded.  What if another Windows Server 2016 domain controller is added, but without deploying Windows Hello for Business to anymore clients.
+The Windows Server 2016 domain controller is handling 100 percent of all public key trust authentication.  However, it is also handling 10 percent of the password authentication. Why?  This behavior occurs because domain controllers 2- 10 only support password and certificate trust authentication; only a Windows Server 2016 domain controller supports authentication public key trust authentication.  The Windows Server 2016 domain controller understands how to authenticate password and certificate trust authentication and will continue to share the load of authenticating those clients.  Because DC1 can handle all forms of authentication, it will be bear more of the authentication load, and easily become overloaded.  What if another Windows Server 2016 domain controller is added, but without deploying Windows Hello for Business to anymore clients?
 
 ![dc-chart3](images/plan/dc-chart3.png)
 
@@ -63,7 +63,7 @@ The preceding was an example to show why it's unrealistic to have a "one-size-fi
 
 ## Determining total AS Request load
 
-Each organization needs to have an baseline of the AS request load that occurs in their environment. Windows Server provides the KDC AS Requests performance counter that helps you determine this.
+Each organization needs to have a baseline of the AS request load that occurs in their environment. Windows Server provides the KDC AS Requests performance counter that helps you determine this.
   
 Pick a site where you plan to upgrade the clients to Windows Hello for Business public key trust.  Pick a time when authentication traffic is most significant--Monday morning is great time as everyone is returning to the office.  Enable the performance counter on *all* the domain controllers in that site.  Collect KDC AS Requests performance counters for two hours:
 * A half-hour before you expect initial authentication (sign-ins and unlocks) to be significant
@@ -75,29 +75,29 @@ For example, if employees are scheduled to come into the office at 9:00am.  Your
 > [!NOTE]
 > To capture all the authentication traffic.  Ensure that all computers are powered down to get the most accurate authentication information (computers and services authenticate at first power up--you need to consider this authentication in your evaluation).
 
-Aggregate the performance data of all domain controllers. Look for the maximum KDC AS Requests for each domain controller.  Find the median time when the maximum number of requests occurred for the site, this should represent when the site is experience the highest amount of authentication.
+Aggregate the performance data of all domain controllers. Look for the maximum KDC AS Requests for each domain controller.  Find the median time when the maximum number of requests occurred for the site, this should represent when the site is experiencing the highest amount of authentication.
  
-Add the number of authentications for each domain controller for the median time.  You now have the total authentication for the site during a peak time.  Using this metric, you can determine the distribution of authentication across the domain controllers in the site by dividing the domain controller's authentication number for the median time by the total authentication.  Multiple the quotient by 10 to convert the distribution to a percentage.  To validate your math, all the distributions should equal 100 percent.
+Add the number of authentications for each domain controller for the median time.  You now have the total authentication for the site during a peak time.  Using this metric, you can determine the distribution of authentication across the domain controllers in the site by dividing the domain controller's authentication number for the median time by the total authentication.  Multiply the quotient by 10 to convert the distribution to a percentage.  To validate your math, all the distributions should equal 100 percent.
 
-Review the distribution of authentication.  Hopefully, none of these are above 70 percent.  It's always good to reserve some capacity for the unexpected.  Also, the primary purposes of a domain controller is to provide authentication and handle Active Directory operations. Identify domain controllers with lower distributions of authentication as potential candidates for the initial domain controller upgrades in conjunction with a reasonable distribution of clients provisioned for Windows Hello for Business.
+Review the distribution of authentication.  Hopefully, none of these are above 70 percent.  It's always good to reserve some capacity for the unexpected.  Also, the primary purposes of a domain controller are to provide authentication and handle Active Directory operations. Identify domain controllers with lower distributions of authentication as potential candidates for the initial domain controller upgrades in conjunction with a reasonable distribution of clients provisioned for Windows Hello for Business.
   
 ## Monitoring Authentication
-Using the same methods previously described above, monitor the Kerberos authentication after upgrading a domain controller and your first phase of Windows Hello for Business deployments.  Make note of the delta of authentication before and after upgrading the domain controller to Windows Server 2016.  This delta is representative of authentication resulting from the first phase of your Windows Hello for Business clients.  This gives you a baseline for your environment to where you can form a statement such as 
+Using the same methods previously described above, monitor the Kerberos authentication after upgrading a domain controller and your first phase of Windows Hello for Business deployments.  Make note of the delta of authentication before and after upgrading the domain controller to Windows Server 2016.  This delta is representative of authentication resulting from the first phase of your Windows Hello for Business clients.  This gives you a baseline for your environment from which you can form a statement such as 
 
 ```"Every n Windows Hello for Business clients results in x percentage of key-trust authentication."```
 
-Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller.  Armed with information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment.
+Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller.  Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment.
   
 Remember, increasing the number of clients changes the volume of authentication distributed across the Windows Server 2016 domain controllers. If there is only one Windows Server 2016 domain controller, there's no distribution and you are simply increasing the volume of authentication for which THAT domain controller is responsible.
 
-Increasing the number of number of domain controllers distributes the volume of authentication, but doesn't change it.  Therefore, as you add more domain controllers, the burden of authentication for which each domain controller is responsible decrease. Upgrading two domain controller changes the distribution to 50 percent. Upgrading three domain controllers changes the distribution to 33 percent, and so on.
+Increasing the number of domain controllers distributes the volume of authentication, but doesn't change it.  Therefore, as you add more domain controllers, the burden of authentication, for which each domain controller is responsible, decreases. Upgrading two domain controller changes the distribution to 50 percent. Upgrading three domain controllers changes the distribution to 33 percent, and so on.
 
 ## Strategy
 The simplest strategy you can employ is to upgrade one domain controller and monitor the single domain controller as you continue to phase in new Windows Hello for Business key-trust clients until it reaches a 70 or 80 percent threshold.
   
-Then, upgrade a second domain controller.  Monitor the authentication on both domain controllers to determine how the authentication distributes between the two domain controllers. Introduce more Windows Hello for Business clients while monitoring the authentication on the two upgraded domain controllers.  Once those reach your environments designated capacity, then upgrade another domain controller.
+Then, upgrade a second domain controller.  Monitor the authentication on both domain controllers to determine how the authentication distributes between the two domain controllers. Introduce more Windows Hello for Business clients while monitoring the authentication on the two upgraded domain controllers.  Once those reach your environment's designated capacity, you can upgrade another domain controller.
   
 Repeat until your deployment for that site is complete.  Now, monitor authentication across all your domain controllers like you did the very first time.  Determine the distribution of authentication for each domain controller.  Identify the percentage of distribution for which it is responsible.  If a single domain controller is responsible for 70 percent of more of the authentication, you may want to consider adding a domain controller to reduce the distribution of authentication volume.
   
-However, before considering this, ensure the high load of authentication is not a result of applications and services where their configuration has a statically configured domain controller. Adding domain controllers will not resolve the additional authentication load problem in this scenario.  Instead, manually distribute the authentication to different domain controllers among all the services or applications.  Alternatively, try simply using the domain name rather than a specific domain controller.  Each domain controller has an A record registered in DNS for the domain name, which DNS will round robin with each DNS query. It's not the best load balancer, however, it is a better alternative to static domain controller configurations, provided the configuration is compatible with your service or application.
+However, before considering this, ensure the high load of authentication is not a result of applications and services where their configuration has a statically-configured domain controller. Adding domain controllers will not resolve the additional authentication load problem in this scenario.  Instead, manually distribute the authentication to different domain controllers among all the services or applications.  Alternatively, try simply using the domain name rather than a specific domain controller.  Each domain controller has an A record registered in DNS for the domain name, which DNS will round robin with each DNS query. It's not the best load balancer, however, it is a better alternative to static domain controller configurations, provided the configuration is compatible with your service or application.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
index 561df3ca7b..cc631cea1a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
@@ -23,7 +23,7 @@ ms.date: 08/19/2018
 -   Certificate trust
 
 
-On-premises deployments must use the On-premises Azure MFA Server using the AD FS adapter model  Optionally, you can use a third-party MFA server that provides an AD FS Multifactor authentication adapter.  
+On-premises deployments must use an on-premises MFA Server that provides an AD FS Multifactor authentication adapter. It can be an Azure Multi-Factor Authentication Server or a third-party MFA solution.
 
 >[!TIP]
 >Please make sure you've read [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) before proceeding any further.
@@ -80,7 +80,7 @@ The following services are required:
 
 Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work.  These procedures install additional components that may need to be updated.
 
-#### Configure the IIS Server’s Certificate
+#### Configure the IIS Server Certificate
 
 The TLS protocol protects all the communication to and from the MFA server. To enable this protection, you must configure the default web site to use the previously enrolled server authentication certificate.
 
@@ -171,9 +171,9 @@ To do this, please follow the instructions mentioned in the previous [Install th
 
 Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work.  These procedures install additional components that may need to be updated.
 
-#### Configure the IIS Server’s Certificate
+#### Set the IIS Server Certificate
 
-To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server’s-certificate) section.
+To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server-certificate) section.
 
 #### Create WebServices SDK user account
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index d0801276dd..697dd4ad39 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -66,7 +66,7 @@ Sign-in a domain controller or management workstation with domain administrator
 
 The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases.  You assign Group Policy and Certificate template permissions to this group to simplify the deployment by simply adding the users to the group.  This provides them the proper permissions to provision Windows Hello for Business and to enroll in the Windows Hello for Business authentication certificate.
 
-Sign-in a domain controller or management workstation with domain administrator equivalent credentials.
+Sign into a domain controller or management workstation with domain administrator equivalent credentials.
 
 1.	Open **Active Directory Users and Computers**.
 2.	Click **View** and click **Advanced Features**.
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index db3e667888..36d5b85373 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -42,7 +42,7 @@ A lab or proof-of-concept environment does not need high-availability or scalabi
 Please follow [Download the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#download-the-azure-multi-factor-authentication-server) to download Azure MFA server. 
 
 >[!IMPORTANT]
->Make sure to validate the requirements for Azure MFA server, as outlined in [Install and Configure the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#install-and-configure-the-azure-multi-factor-authentication-server) before proceeding. Do not use instllation instructions provided in the article.
+>Make sure to validate the requirements for Azure MFA server, as outlined in [Install and Configure the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#install-and-configure-the-azure-multi-factor-authentication-server) before proceeding. Do not use installation instructions provided in the article.
 
 Once you have validated all the requirements, please proceed to [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md).
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md
index 1dabe3c95d..6f0dbf9f41 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.md
@@ -15,7 +15,7 @@ ms.topic: article
 localizationpriority: medium
 ms.date: 08/19/2018
 ---
-# Windows Hello for Business Frequently Ask Questions
+# Windows Hello for Business Frequently Asked Questions
 
 **Applies to**
 -   Windows 10
@@ -27,7 +27,7 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10.
 Microsoft is committed to its vision of a <u>world without passwords.</u> We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication.  Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business.  New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs.  Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. 
 
 ## Can I deploy Windows Hello for Business using System Center Configuration Manager?
-Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no long be supported after November 2018.
+Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018.
 
 ## How many users can enroll for Windows Hello for Business on a single Windows 10 computer?
 The maximum number of supported enrollments on a single Windows 10 computer is 10.  That enables 10 users to each enroll their face and up to 10 fingerprints.  While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available.
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index 23eed38ace..e47e1f7c3d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -67,7 +67,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 |C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration.  Azure DRS validates the MFA claim remains current.  On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application which signals the end of user provisioning and the application exits.|
 |D | Azure AD Connect requests updates on its next synchronization cycle.  Azure Active Directory sends the user's public key that was securely registered through provisioning.  AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory.|
 > [!IMPORTANT]
-> The newly provisionied user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory.
+> The newly provisioned user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory.
 
 
 
@@ -87,7 +87,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 |H | The application receives the newly issued certificate and installs the it into the Personal store of the user.  This signals the end of provisioning.|    
 |F | Azure AD Connect requests updates on its next synchronization cycle.  Azure Active Directory sends the user's public key that was securely registered through provisioning.  AAD Connect receives the public key and writes it to user's msDS-KeyCredentialLink attribute in Active Directory.|
 > [!IMPORTANT]
-> The newly provisionied user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory.
+> The newly provisioned user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory.
 
 
 [Return to top](#windows-hello-for-business-provisioning)
@@ -104,12 +104,12 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 |F |The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application.|
 |G | The application receives the newly issued certificate and installs the it into the Personal store of the user.  This signals the end of provisioning.|    
 > [!IMPORTANT]
-> Synchronous certificate enrollment does not depend on Azure AD Connect to syncrhonize the user's public key to issue the Windows Hello for Business authentication certificate.  Users can sign-in using the certificate immediately after provisioning completes.  Azure AD Connect continues to synchronize the public key to Active Directory, but is not show in this flow.
+> Synchronous certificate enrollment does not depend on Azure AD Connect to synchronize the user's public key to issue the Windows Hello for Business authentication certificate.  Users can sign-in using the certificate immediately after provisioning completes.  Azure AD Connect continues to synchronize the public key to Active Directory, but is not shown in this flow.
 
 
 [Return to top](#windows-hello-for-business-provisioning)
 ## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment
-![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Fedeerated environment](images/howitworks/prov-haadj-instant-certtrust-federated.png)
+![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](images/howitworks/prov-haadj-instant-certtrust-federated.png)
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -121,7 +121,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 |F |The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application.|
 |G | The application receives the newly issued certificate and installs the it into the Personal store of the user.  This signals the end of provisioning.| 
 > [!IMPORTANT]
-> Synchronous certificate enrollment does not depend on Azure AD Connect to syncrhonize the user's public key to issue the Windows Hello for Business authentication certificate.  Users can sign-in using the certificate immediately after provisioning completes.  Azure AD Connect continues to synchronize the public key to Active Directory, but is not show in this flow.
+> Synchronous certificate enrollment does not depend on Azure AD Connect to synchronize the user's public key to issue the Windows Hello for Business authentication certificate.  Users can sign-in using the certificate immediately after provisioning completes.  Azure AD Connect continues to synchronize the public key to Active Directory, but is not shown in this flow.
 
 [Return to top](#windows-hello-for-business-provisioning)
 ## Domain joined provisioning in an On-premises Key Trust deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
index 4ef877a48b..290b025714 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
@@ -43,6 +43,6 @@ Provision can occur automatically through the out-of-box-experience (OOBE) on Az
 
 ## Authentication
 
-Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment.  With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN.  PIN is the most common gesture and is avaiable on most computers and devices.  Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential.  The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device.  It is user provided entropy when performing operations that use the private portion of the credential.
+Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment.  With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN.  PIN is the most common gesture and is available on most computers and devices.  Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential.  The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device.  It is user provided entropy when performing operations that use the private portion of the credential.
 
 [How Windows Hello for Business authentication works](hello-how-it-works-authentication.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
index d12e00c028..99026497a4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
@@ -24,6 +24,7 @@ ms.date: 10/08/2018
 - [Azure AD Registered](#azure-ad-registered)
 - [Certificate Trust](#certificate-trust)
 - [Cloud Deployment](#cloud-deployment)
+- [Cloud Experience Host](#cloud-experience-host)
 - [Deployment Type](#deployment-type)
 - [Endorsement Key](#endorsement-key)
 - [Federated Environment](#federated-environment)
@@ -99,6 +100,17 @@ The Windows Hello for Business Cloud deployment is exclusively for organizations
 [Azure AD Joined](#azure-ad-joined), [Azure AD Registered](#azure-ad-registered), [Deployment Type](#deployment-type), [Join Type](#join-type)
 
 [Return to Top](hello-how-it-works-technology.md)
+## Cloud Experience Host
+In Windows 10, Cloud Experience Host is an application used while joining the workplace environment or Azure AD for rendering the experience when collecting your company-provided credentials. Once you enroll your device to your workplace environment or Azure AD, your organization will be able to manage your PC and collect information about you (including your location). It might add or remove apps or content, change settings, disable features, prevent you from removing your company account, or reset your PC. 
+
+### Related topics
+[Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification), [Managed Windows Hello in Organization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-manage-in-organization)
+
+### More information
+- [Windows Hello for Business and Device Registration](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration)
+
+[Return to Top](hello-how-it-works-technology.md)
+
 ## Deployment Type
 Windows Hello for Business has three deployment models to accommodate the needs of different organizations.  The three deployment models include:
 - Cloud
@@ -316,6 +328,4 @@ In a simplified manner, the TPM is a passive component with limited resources. I
 
 
 
-
-
     
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index bf17a84426..84d389751b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -141,7 +141,7 @@ These procedures configure NTFS and share permissions on the web server to allow
 
 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server).
 2. Right-click the **cdp** folder and click **Properties**.  Click the **Sharing** tab.  Click **Advanced Sharing**.
-3. Select **Share this folder**. Type **cdp$** in **Share name:**. Click **Permissions**.
+3. Select **Share this folder**. Type **cdp$** in **Share name**. Click **Permissions**.
 ![cdp sharing](images/aadj/cdp-sharing.png)
 4. In the **Permissions for cdp$** dialog box, click **Add**.
 5. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, click **Object Types**.  In the **Object Types** dialog box, select **Computers**, and then click **OK**.
@@ -280,10 +280,10 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted
 1. Sign-in to the [Microsoft Azure Portal](https://portal.azure.com) and select **Microsoft Intune**.
 2. Click **Device configuration**.  In the **Device Configuration** blade, click **Create profile**.
 ![Intune Create Profile](images/aadj/intune-create-device-config-profile.png)
-3. In the **Create profle** blade, type **Enterprise Root Certificate** in **Name**.  Provide a description.  Select **Windows 10 and later** from the **Platform** list.  Select **Trusted certificate** from the **Profile type** list.  Click **Configure**.
+3. In the **Create profile** blade, type **Enterprise Root Certificate** in **Name**.  Provide a description.  Select **Windows 10 and later** from the **Platform** list.  Select **Trusted certificate** from the **Profile type** list.  Click **Configure**.
 4. In the **Trusted Certificate** blade, use the folder icon to browse for the location of the enterprise root certificate file you created in step 8 of [Export Enterprise Root certificate](#export-enterprise-root-certificate).  Click **OK**.  Click **Create**.
 ![Intune Trusted Certificate Profile](images/aadj/intune-create-trusted-certificate-profile.png)
-5. In the **Enterprise Root Certificate** blade, click **Assignmnets**.  In the **Include** tab, select **All Devices** from the **Assign to** list.  Click **Save**.
+5. In the **Enterprise Root Certificate** blade, click **Assignments**.  In the **Include** tab, select **All Devices** from the **Assign to** list.  Click **Save**.
 ![Intune Profile assignment](images/aadj/intune-device-config-enterprise-root-assignment.png)
 6. Sign out of the Microsoft Azure Portal.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index b571ee817f..130f1fba84 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -69,8 +69,8 @@ To include the on-premises distinguished name in the certificate's subject, Azur
 ### Verify AAD Connect version
 Sign-in to computer running Azure AD Connect with access equivalent to _local administrator_.
 
-1. Open **Syncrhonization Services** from the **Azure AD Connect** folder.
-2. In the **Syncrhonization Service Manager**, click **Help** and then click **About**.
+1. Open **Synchronization Services** from the **Azure AD Connect** folder.
+2. In the **Synchronization Service Manager**, click **Help** and then click **About**.
 3. If the version number is not **1.1.819** or later, then upgrade Azure AD Connect to the latest version.
 
 ### Verify the onPremisesDistinguishedName attribute is synchronized
@@ -172,7 +172,7 @@ You must prepare the public key infrastructure and the issuing certificate autho
 When deploying certificates using Microsoft Intune, you have the option of providing the validity period in the SCEP certificate profile rather than relying on the validity period in the certificate template.  If you need to issue the same certificate with different validity periods, it may be advantageous to use the SCEP profile, given the limited number of certificates a single NDES server can issue.
 
 > [!NOTE]
-> Skip this step if you do not want to enable Microsoft Intune to specify the validity period of the certificate.  Without this configuiration, the certificate request uses the validity period configured in the certificate template.
+> Skip this step if you do not want to enable Microsoft Intune to specify the validity period of the certificate.  Without this configuration, the certificate request uses the validity period configured in the certificate template.
 
 Sign-in to the issuing certificate authority with access equivalent to _local administrator_.
 
@@ -222,7 +222,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
 The certificate authority may only issue certificates for certificate templates that are published to that certificate authority.  If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
 
 > [!Important]
-> Ensure you publish the **AADJ WHFB Authentication** certificate templates to the certificate authority that Microsoft Intune uses by way of the NDES servers. The NDES configuration asks you to choose a certificate authority from which it requests certificates.  You need to publish that cerificate templates to that issuing certificate authority.  The **NDES-Intune Authentication** certificate is directly enrolled and can be published to any certificate authority.
+> Ensure you publish the **AADJ WHFB Authentication** certificate templates to the certificate authority that Microsoft Intune uses by way of the NDES servers. The NDES configuration asks you to choose a certificate authority from which it requests certificates.  You need to publish that certificate templates to that issuing certificate authority.  The **NDES-Intune Authentication** certificate is directly enrolled and can be published to any certificate authority.
 
 Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials.
 
@@ -373,7 +373,7 @@ where **registryValueName** is one of the three value names from the above table
 5. Close the command prompt.
 
 > [!IMPORTANT]
-> Use the **name** of the certificate template; not the **display name**.  The certificate template name does not include spaces.  You can view the certificate names by looking at the **General** tab of the certificate template's properties in the **Certifcates Templates** management console (certtmpl.msc).
+> Use the **name** of the certificate template; not the **display name**.  The certificate template name does not include spaces.  You can view the certificate names by looking at the **General** tab of the certificate template's properties in the **Certificates Templates** management console (certtmpl.msc).
 
 ### Create a Web Application Proxy for the internal NDES URL.
 Certificate enrollment for Azure AD joined devices occurs over the Internet.  As a result, the internal NDES URLs must be accessible externally. You can do this easily and securely using Azure Active Directory Application Proxy.  Azure AD Application Proxy provides single sign-on and secure remote access for web applications hosted on-premises, such as Network Device Enrollment Services.
@@ -425,7 +425,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 3. Under **MANAGE**, click **Application proxy**.
 4. Click **Configure an app**.
 5. Under **Basic Settings** next to **Name**, type **WHFB NDES 01**.  Choose a name that correlates this Azure AD Application Proxy setting with the on-premises NDES server.  Each NDES server must have its own Azure AD Application Proxy as two NDES servers cannot share the same internal URL.
-6. Next to **Internal Url**, type the internal fully qualified DNS name of the NDES server associated with this Azure AD Application Proxy.  For example, https://ndes.corp.mstepdemo.net).  This must match the internal DNS name of the NDES server and ensure you prefix the Url with **https**.
+6. Next to **Internal Url**, type the internal, fully qualified DNS name of the NDES server associated with this Azure AD Application Proxy.  For example, https://ndes.corp.mstepdemo.net).  You need to match the primary host name (AD Computer Account name) of the NDES server, and prefix the URL with **https**.
 7. Under **Internal Url**, select **https://** from the first list.  In the text box next to **https://**, type the hostname you want to use as your external hostname for the Azure AD Application Proxy.  In the list next to the hostname you typed, select a DNS suffix you want to use externally for the Azure AD Application Proxy.  It is recommended to use the default, -[tenantName].msapproxy.net where **[tenantName]** is your current Azure Active Directory tenant name (-mstephendemo.msappproxy.net).
 ![Azure NDES Application Proxy Configuration](images/aadjcert/azureconsole-appproxyconfig.png)
 8. Select **Passthrough** from the **Pre Authentication** list.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
index 2e3ac6b145..a1981cd9c2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
@@ -28,7 +28,7 @@ Windows Hello for Business involves configuring distributed technologies that ma
 * [Active Directory](#active-directory)
 * [Public Key Infrastructure](#public-key-infrastructure)
 * [Azure Active Directory](#azure-active-directory)
-* [Multi-factor Authentication Services](#multi-factor-authentication-services)
+* [Multifactor Authentication Services](#multifactor-authentication-services)
 
 
 New installations are considerably more involved than existing implementations because you are building the entire infrastructure.  Microsoft recommends you review the new installation baseline to validate your existing environment has all the needed configurations to support your hybrid certificate trust Windows Hello for Business deployment.  If your environment meets these needs, you can read the [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) section to prepare your Windows Hello for Business deployment by configuring Azure device registration.
@@ -80,7 +80,7 @@ If you do have an existing public key infrastructure, please review [Certificati
 ### Section Review ###
 
 > [!div class="checklist"]
-> *  Miniumum Windows Server 2012 Certificate Authority.
+> *  Minimum Windows Server 2012 Certificate Authority.
 > *  Enterprise Certificate Authority.
 > *  Functioning public key infrastructure.
   
@@ -128,7 +128,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 > * Review the overview and uses of Azure Multifactor Authentication.
 > * Review your Azure Active Directory subscription for Azure Multifactor Authentication.
 > * Create an Azure Multifactor Authentication Provider, if necessary.
-> * Configure Azure Multufactor Authentiation features and settings.
+> * Configure Azure Multifactor Authentication features and settings.
 > * Understand the different User States and their effect on Azure Multifactor Authentication.
 > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server 2016 Active Directory Federation Services, if necessary.
 
@@ -141,7 +141,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. New Installation Baseline (*You are here*)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index bab9bcf458..273991ec82 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -28,13 +28,13 @@ Your environment is federated and you are ready to configure device registration
 > [!IMPORTANT]
 > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. 
 
-Use this three phased approach for configuring device registration.
+Use this three-phased approach for configuring device registration.
 1. [Configure devices to register in Azure](#configure-azure-for-device-registration)
 2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-syncrhonization)
 3. [Configure AD FS to use cloud devices](#configure-ad-fs-to-use-azure-registered-devices)
 
 > [!NOTE]
-> Before proceeding, you should familiarize yourself with device regisration concepts such as:
+> Before proceeding, you should familiarize yourself with device registration concepts such as:
 > * Azure AD registered devices
 > * Azure AD joined devices
 > * Hybrid Azure AD joined devices
@@ -100,7 +100,7 @@ Federation server proxies are computers that run AD FS software that have been c
 Use the [Setting of a Federation Proxy](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment.
 
 ### Deploy Azure AD Connect
-Next, you need to synchronizes the on-premises Active Directory with Azure Active Directory.  To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771).
+Next, you need to synchronize the on-premises Active Directory with Azure Active Directory.  To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771).
 
 When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-get-started-custom).  Select the **Federation with AD FS** option on the **User sign-in** page.  At the **AD FS Farm** page, select the use an existing option and click **Next**.  
 
@@ -514,7 +514,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. Configure Azure Device Registration (*You are here*)
 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 6b4a465a9c..8179a617a8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -27,10 +27,10 @@ Hybrid environments are distributed systems that enable organizations to use on-
 
 The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure.  High-level pieces of the infrastructure include:
 * [Directories](#directories)
-* [Public Key Infrastucture](#public-key-infrastructure)
+* [Public Key Infrastructure](#public-key-infrastructure)
 * [Directory Synchronization](#directory-synchronization)
 * [Federation](#federation)
-* [MultiFactor Authentication](#multifactor-authentication)
+* [Multifactor Authentication](#multifactor-authentication)
 * [Device Registration](#device-registration)
   
 ## Directories ##
@@ -57,7 +57,7 @@ Review these requirements and those from the Windows Hello for Business planning
 ## Public Key Infrastructure ##
 The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller.
  
-Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users.  When using Group Policy, hybrid certificate trust deployment use the Windows Server 2016 Active Directory Federation Server (AS FS) as a certificate registration authority.
+Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users.  When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority.
 
 The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012.
 
@@ -96,7 +96,7 @@ The AD FS farm used with Windows Hello for Business must be Windows Server 2016
 ## Multifactor Authentication ##
 Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords.  The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication.
 
-Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS.
+Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service, or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS.
 
 ### Section Review 
 > [!div class="checklist"]
@@ -119,7 +119,7 @@ Hybrid certificate trust deployments need the device write back feature.  Authen
 <br>
 
 ### Next Steps ###
-Follow the Windows Hello for Business hybrid certificate trust deployment guide.  For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**.  
+Follow the Windows Hello for Business hybrid certificate trust deployment guide.  For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**.  
 
 If your environment is already federated, but does not include Azure device registration, choose **Configure Azure Device Registration**. 
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
index f8613819f5..c622ab65bb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
@@ -37,10 +37,10 @@ This baseline provides detailed procedures to move your environment from an on-p
 ## Federated Baseline ##
 The federated baseline helps organizations that have completed their federation with Azure Active Directory and Office 365 and enables them to introduce Windows Hello for Business into their hybrid environment.  This baseline exclusively focuses on the procedures needed to add Azure Device Registration and Windows Hello for Business to an existing hybrid deployment.
 
-Regardless of the baseline you choose, you’re next step is to familiarize yourself with the prerequisites needed for the deployment.  Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates.
+Regardless of the baseline you choose, your next step is to familiarize yourself with the prerequisites needed for the deployment.  Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates.
 
 > [!div class="nextstepaction"]
-> [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+> [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 
 <br><br>
 
@@ -48,7 +48,7 @@ Regardless of the baseline you choose, you’re next step is to familiarize your
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. Overview (*You are here*)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index e295b98d48..22b4bd30cd 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -18,7 +18,7 @@ ms.date: 08/19/2018
 # Hybrid Windows Hello for Business Provisioning
 
 **Applies to**
--   Windows 10, version 1703 or later
+-   Windows 10, version 1703 or later
 -   Hybrid deployment
 -   Certificate trust
 
@@ -55,17 +55,17 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 > The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889).
 
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 > [!NOTE]
-> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning.  With this update, users no longer need to wait for Azure AD Connect to sync their  public key on-premises.  Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. The update needs to be installed on the federation servers.
+> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning.  With this update, users no longer need to wait for Azure AD Connect to sync their  public key on-premises.  Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completing the provisioning. The update needs to be installed on the federation servers.
   
 After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate.  Windows send the certificate request to the AD FS server for certificate enrollment.
   
 The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
 
-The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority.  The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store.  Once this process completes, the Windows Hello for Business provisioning workflow informs the user  they can use their PIN to sign-in through the Windows Action Center.
+The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority.  The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store.  Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Windows Action Center.
 
 <br><br>
 
@@ -73,9 +73,9 @@ The certificate authority validates the certificate was signed by the registrati
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md)
-6. Sign-in and Provision(*You are here*) 
+6. Sign-in and Provision (*You are here*) 
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
index 005677d027..949ab5c623 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
@@ -74,7 +74,7 @@ Sign-in a domain controller or management workstation with *Domain Admin* equiva
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. Configure Windows Hello for Business settings: Active Directory (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
index 5784150435..026d6bff2c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
@@ -73,7 +73,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. Configure Windows Hello for Business settings: AD FS (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
index 9333aeef18..26da9ec608 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
@@ -79,7 +79,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. Configure Windows Hello for Business settings: Directory Synchronization (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 59da54619d..0e8e0b0ee3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -203,7 +203,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. Configure Windows Hello for Business settings: PKI (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
index 621cb9ab0b..c62c048027 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
@@ -197,7 +197,7 @@ Users must receive the Windows Hello for Business group policy settings and have
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. Configure Windows Hello for Business policy settings (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
index 3d78b7a719..f127c06ae9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
@@ -23,7 +23,7 @@ ms.date: 08/19/2018
 -   Certificate trust
 
  
-You're environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model.  
+Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model.  
 > [!IMPORTANT]
 > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment.  
 
@@ -44,7 +44,7 @@ For the most efficient deployment, configure these technologies in order beginni
 
 ## Follow the Windows Hello for Business hybrid certificate trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
 5. Configure Windows Hello for Business settings (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
index d9874f88c3..4a4a80eced 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
@@ -80,7 +80,7 @@ If you do not have an existing public key infrastructure, please review [Certifi
 > [!IMPORTANT]
 > For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
 > * Install the root certificate authority certificate for your organization in the user's trusted root certificate store.
-> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url.
+> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based URL.
 
 ### Section Review ###
 
@@ -124,7 +124,7 @@ If your organization uses Azure MFA on a per-consumption model (no licenses), th
 Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings.  Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings.
 
 #### Azure MFA User States ####
-After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states.  User states determine how you enable Azure MFA for your users.
+After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users.
 
 ### Azure MFA via ADFS ###
 Alternatively, you can configure Windows Server 2016 Active Directory Federation Services (AD FS) to provide additional multi-factor authentication. To configure, read the [Configure AD FS 2016 and Azure MFA](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa) section.
@@ -135,7 +135,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 > * Review the overview and uses of Azure Multifactor Authentication.
 > * Review your Azure Active Directory subscription for Azure Multifactor Authentication.
 > * Create an Azure Multifactor Authentication Provider, if necessary.
-> * Configure Azure Multifactor Authentiation features and settings.
+> * Configure Azure Multifactor Authentication features and settings.
 > * Understand the different User States and their effect on Azure Multifactor Authentication.
 > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server Active Directory Federation Services, if necessary.
 
@@ -148,7 +148,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-key-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. New Installation Baseline (*You are here*)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
index 9a49d7ab15..f7ec72d697 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
@@ -38,7 +38,7 @@ Begin configuring device registration to support Hybrid Windows Hello for Busine
 
 To do this, follow the **Configure device settings** steps under [Setting up Azure AD Join in your organization](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-setup/)  
 
-Next, follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup) page.  In the **Configuration steps** section, identify you configuration at the top of the table (either **Windows current and password hash sync** or **Windows current and federation**) and perform only the steps identified with a check mark.
+Next, follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup) page.  In the **Configuration steps** section, identify your configuration at the top of the table (either **Windows current and password hash sync** or **Windows current and federation**) and perform only the steps identified with a check mark.
 
 
 <br><br>
@@ -47,7 +47,7 @@ Next, follow the guidance on the [How to configure hybrid Azure Active Directory
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. Configure Azure Device Registration (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
index 2c4dc3093c..617e922f94 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
@@ -26,7 +26,7 @@ ms.date: 08/19/2018
 You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises.    
 
 ## Deploy Azure AD Connect
-Next, you need to synchronizes the on-premises Active Directory with Azure Active Directory.  To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771).
+Next, you need to synchronize the on-premises Active Directory with Azure Active Directory.  To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771).
 
 
 > [!NOTE]
@@ -38,7 +38,7 @@ Next, you need to synchronizes the on-premises Active Directory with Azure Activ
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-key-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. Configure Directory Synchronization (*You are here*)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index f59a78c750..dd447eb2b1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -27,7 +27,7 @@ Hybrid environments are distributed systems that enable organizations to use on-
 
 The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure.  High-level pieces of the infrastructure include:
 * [Directories](#directories)
-* [Public Key Infrastucture](#public-key-infastructure)
+* [Public Key Infrastructure](#public-key-infastructure)
 * [Directory Synchronization](#directory-synchronization)
 * [Federation](#federation)
 * [MultiFactor Authentication](#multifactor-authentication)
@@ -85,7 +85,7 @@ Organizations using older directory synchronization technology, such as DirSync
 <br>
 
 ## Federation with Azure ##
-You can deploy Windows Hello for Business key trust in non-federated and federated environments.  For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication).  For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later. 
+You can deploy Windows Hello for Business key trust in non-federated and federated environments.  For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication).  For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) beginning with Windows Server 2012 R2. 
 
 ### Section Review ###
 > [!div class="checklist"]
@@ -97,7 +97,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat
 ## Multifactor Authentication ##
 Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords.  The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication.
 
-Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provides by Windows Server 2012 R2 or later Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multi-factor authentication into AD FS.
+Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication (MFA) service or they can use multifactor authentication provided by AD FS beginning with Windows Server 2012 R2, which includes an adapter model that enables third parties to integrate their MFA into AD FS. The MFA enabled by an Office 365 license is sufficient for Azure AD.
 
 ### Section Review 
 > [!div class="checklist"]
@@ -118,9 +118,9 @@ Organizations wanting to deploy hybrid key trust need their domain joined device
 <br>
 
 ### Next Steps ###
-Follow the Windows Hello for Business hybrid key trust deployment guide.  For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**.  
+Follow the Windows Hello for Business hybrid key trust deployment guide.  For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**.  
 
-For environments transitioning from on-premises to hybrid, start with  **Configure Azure Directory Syncrhonization**. 
+For environments transitioning from on-premises to hybrid, start with  **Configure Azure Directory Synchronization**. 
 
 For federated and non-federated environments, start with **Configure Windows Hello for Business settings**.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
index 303b6ce403..129be903cb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
@@ -34,10 +34,10 @@ The new deployment baseline helps organizations who are moving to Azure and Offi
  
 This baseline provides detailed procedures to move your environment from an on-premises only environment to a hybrid environment using Windows Hello for Business to authenticate to Azure Active Directory and to your on-premises Active Directory using a single Windows sign-in.
  
-You’re next step is to familiarize yourself with the prerequisites needed for the deployment.  Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates.
+Your next step is to familiarize yourself with the prerequisites needed for the deployment.  Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates.
 
 > [!div class="nextstepaction"]
-> [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+> [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 
 <br><br>
 
@@ -45,7 +45,7 @@ You’re next step is to familiarize yourself with the prerequisites needed for
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. Overview (*You are here*)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
index ce9f57fac1..7408c60b57 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
@@ -58,7 +58,7 @@ Sign-in a domain controller or management workstation with *Domain Admin* equiva
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
index 3f6e263084..d8aa1c79aa 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
@@ -55,7 +55,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
index 92f7ec3365..aca13f5300 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
@@ -168,7 +168,7 @@ Users must receive the Windows Hello for Business group policy settings and have
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
index 5aaee3a860..f7b76f34e8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
@@ -45,7 +45,7 @@ For the most efficient deployment, configure these technologies in order beginni
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
 1. [Overview](hello-hybrid-cert-trust.md)
-2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
+2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
 3. [New Installation Baseline](hello-hybrid-key-new-install.md)
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 1700566e52..996e8121b8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -77,7 +77,7 @@ A deployment's trust type defines how each Windows Hello for Business client aut
   
 The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 
-The certificate trust type issues authentication certificates to end users.  Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience.  Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers.  Users can authenticate using their certificate to any Windows Server 2008 R2 or later domain controller.
+The certificate trust type issues authentication certificates to end users.  Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience.  Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)).  Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller.
 
 #### Device registration
 
@@ -101,7 +101,6 @@ Cloud only and hybrid deployments provide many choices for multi-factor authenti
 >    * Azure Active Directory Premium
 >    * Enterprise Mobility Suite
 >    * Enterprise Cloud Suite
->* A per-user and per-authentication consumption-based model that is billed monthly against Azure monetary commitment (Read [Multi-Factor Authentication Pricing](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) for more information)
 
 #### Directory synchronization
 
@@ -136,7 +135,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in
 
 ### Cloud
 
-Some deployment combinations require an Azure account and some require Azure Active Directory for user identities.  These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional.
+Some deployment combinations require an Azure account, and some require Azure Active Directory for user identities.  These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional.
 
 ## Planning a Deployment
 
@@ -150,13 +149,13 @@ Choose the deployment model based on the resources your users access.  Use the f
 
 If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet.
 
-If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet.
+If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users' access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet.
 
 If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet.
 >[!NOTE]
 >If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results.  
 >```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords```
->* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS.  Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**.  If the object truly does not exist, then you environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type.
+>* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS.  Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**.  If the object truly does not exist, then your environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type.
 >* If the command returns a value, compare that value with the values below.  The value indicates the deployment model you should implement
 >    * If the value begins with **azureADName:**  – write **Hybrid** in box **1a**on your planning worksheet.
  >   * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet.
@@ -197,7 +196,7 @@ If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in
 
 If box **1a** on your planning worksheet reads **hybrid**, then write **Azure AD Connect** in box **1e** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**.  This deployment exclusively uses Active Directory for user information with the exception of the multi-factor authentication.  The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multi-factor authentication while the user’s credential remain on the on-premises network.
+If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**.  This deployment exclusively uses Active Directory for user information with the exception of the multi-factor authentication.  The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multi-factor authentication while the user’s credentials remain on the on-premises network.
 
 ### Multifactor Authentication
 
@@ -274,7 +273,7 @@ Public key infrastructure prerequisites already exist in your planning worksheet
 
 If box **1a** on your planning worksheet reads **cloud only**, ignore the public key infrastructure section of your planning worksheet.  Cloud only deployments do not use a public key infrastructure.
 
-If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet.
+If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet. Key trust doesn't require any change in public key infrastructure, skip this part and go to **Cloud** section.
 
 The registration authority only relates to certificate trust deployments and the management used for domain and non-domain joined devices.  Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates.  Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. 
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index c9ba5464a6..9ea0ddd3dc 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -529,7 +529,7 @@ Disable-BitLocker -MountPoint E:,F:,G:
 ```
 ## See also
 
-- [Prepare your organization for BitLocker: Planning and p\\olicies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
+- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
 - [BitLocker recovery guide](bitlocker-recovery-guide-plan.md)
 - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
 - [BitLocker overview](bitlocker-overview.md)
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
index 3f858bbcb9..263963d4db 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@@ -19,7 +19,7 @@ ms.date: 11/29/2018
 # Trusted Platform Module Technology Overview
 
 **Applies to**
--   Windows 10
+-   Windows 10
 -   Windows Server 2016
 -   Windows Server 2019
 
@@ -53,13 +53,13 @@ Certificates can be installed or created on computers that are using the TPM. Af
 
 Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process.
 
-Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.
+Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.
 
 The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
 
 ## New and changed functionality
 
-For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module).
+For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module).
 
 ## Device health attestation
 
@@ -78,7 +78,7 @@ Some things that you can check on the device are:
 
 ## Supported versions for device health attestation
 
-| TPM version | Windows 10  | Windows Server 2016 | Windows Server 2019 |
+| TPM version | Windows 10  | Windows Server 2016 | Windows Server 2019 |
 |-------------|-------------|---------------------|---------------------|
 | TPM 1.2     | >= ver 1607 |    >= ver 1607      |       Yes           |
 | TPM 2.0     |    Yes      |        Yes          |       Yes           |
@@ -87,5 +87,12 @@ Some things that you can check on the device are:
 ## Related topics
 
 - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
--   [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule)
--   [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
+- [Details on the TPM standard](https://www.microsoft.com/en-us/research/project/the-trusted-platform-module-tpm/) (has links to features using TPM)
+- [TPM Base Services Portal](https://docs.microsoft.com/en-us/windows/desktop/TBS/tpm-base-services-portal)
+- [TPM Base Services API](https://docs.microsoft.com/en-us/windows/desktop/api/_tbs/)
+- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule)
+- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
+- [Azure device provisioning: Identity attestation with TPM](https://azure.microsoft.com/en-us/blog/device-provisioning-identity-attestation-with-tpm/)
+- [Azure device provisioning: A manufacturing timeline for TPM devices](https://azure.microsoft.com/en-us/blog/device-provisioning-a-manufacturing-timeline-for-tpm-devices/)
+- [Windows 10: Enabling vTPM (Virtual TPM)](https://social.technet.microsoft.com/wiki/contents/articles/34431.windows-10-enabling-vtpm-virtual-tpm.aspx)
+- [How to Multiboot with Bitlocker, TPM, and a Non-Windows OS](https://social.technet.microsoft.com/wiki/contents/articles/9528.how-to-multiboot-with-bitlocker-tpm-and-a-non-windows-os.aspx)
\ No newline at end of file
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 2a82682a3c..33ced2e6e3 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -11,7 +11,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/29/2019
+ms.date: 05/13/2019
 ---
 
 # Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
@@ -21,7 +21,7 @@ ms.date: 04/29/2019
 -   Windows 10, version 1607 and later
 -   Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop)
 
-Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune only manages the apps on a user's personal device.
+Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device.
 
 ## Differences between MDM and MAM for WIP
 
@@ -39,7 +39,7 @@ You can create an app protection policy in Intune either with device enrollment
 
 ## Prerequisites
 
-Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. 
+Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. 
 
 ## Configure the MDM or MAM provider
 
@@ -98,7 +98,7 @@ Select **Store apps**, type the app product name and publisher, and click **OK**
 
 ![Add Store app](images\add-a-protected-store-app.png)
 
-To add multiple Store apps, click the elipsis **…**. 
+To add multiple Store apps, click the ellipsis **…**. 
 
 If you don't know the Store app publisher or product name, you can find them by following these steps.
 
@@ -187,7 +187,7 @@ To add **Desktop apps**, complete the following fields, based on what results yo
     </tr>
 </table>
 
-To add another Desktop app, click the elipsis **…**. After you’ve entered the info into the fields, click **OK**.
+To add another Desktop app, click the ellipsis **…**. After you’ve entered the info into the fields, click **OK**.
 
 ![Microsoft Intune management console: Adding Desktop app info](images/wip-azure-add-desktop-apps.png)
  
@@ -403,7 +403,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor
    ![Add protected domains](images/add-protected-domains.png)
 
 ## Choose where apps can access enterprise data
-After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include policy that defines your enterprise network locations. 
+After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include your enterprise network locations. 
 
 There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
 
@@ -562,56 +562,50 @@ After you create and deploy your WIP policy to your employees, Windows begins to
     ![Microsoft Intune, Upload your Data Recovery Agent (DRA) certificate](images/wip-azure-advanced-settings-efsdra.png)
 
 ## Choose your optional WIP-related settings
-After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings.
+After you've decided where your protected apps can access enterprise data on your network, you can choose optional settings.
 
-**To set your optional settings**
-
-1.	Choose to set any or all optional settings:
-
-    ![Microsoft Intune, Choose if you want to include any of the optional settings](images/wip-azure-advanced-settings-optional.png)
-    
-    - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
+![Advanced optional settings ](images/wip-azure-advanced-settings-optional.png)
+   
+**Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
         
-        - **On.** Turns on the feature and provides the additional protection.
+- **On.** Turns on the feature and provides the additional protection.
         
-        - **Off, or not configured.** Doesn't enable this feature.
+- **Off, or not configured.** Doesn't enable this feature.
     
-    - **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
+**Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
     
-        - **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
+- **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
         
-        - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions.
+- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions.
         
-    - **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
+**Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
     
-        - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
+- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
         
-        - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option.
+- **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. 
         
-    - **Use Azure RMS for WIP.** Determines whether to use Azure Rights Management encryption with Windows Information Protection.
+**Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). 
     
-        - **On.** Starts using Azure Rights Management encryption with WIP. By turning this option on, you can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. For more info about setting up Azure Rights management and using a template ID with WIP, see the [Choose to set up Azure Rights Management with WIP](#choose-to-set-up-azure-rights-management-with-wip) section of this topic.
+- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. 
         
-        - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP.
-
-    - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
-    
-        - **On.** Starts Windows Search Indexer to index encrypted files.
-    
-        - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
-
-## Choose to set up Azure Rights Management with WIP
-WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up.
-
-To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703.
-
-Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that is copied to a removable drive.
-
->[!IMPORTANT]
->Curly braces -- {} -- are required around the RMS Template ID.
+  If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that all users can access.
+        
+- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
 
 >[!NOTE]
->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic.
+>Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
+
+**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
+    
+- **On.** Starts Windows Search Indexer to index encrypted files.
+    
+- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
+
+## Encrypted file extensions
+
+You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. 
+
+![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png)
 
 ## Related topics
 
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
index 6edf443eb3..8cb0bcd6e9 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
@@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/30/2019
+ms.date: 05/13/2019
 ---
 
 # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager
@@ -474,13 +474,13 @@ After you've decided where your protected apps can access enterprise data on you
 
 	    - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
 
-    - **Revoke local encryption keys during the unerollment process.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
+    - **Revoke local encryption keys during the unenrollment process.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
 
         - **Yes, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
         
         - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you’re migrating between Mobile Device Management (MDM) solutions.
 
-    - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Choose to set up Azure Rights Management with WIP](create-wip-policy-using-intune-azure.md#choose-to-set-up-azure-rights-management-with-wip). To confirm what templates your tenant has, run [Get-AadrmTemplate](https://docs.microsoft.com/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](https://docs.microsoft.com/azure/information-protection/administer-powershell).
+    - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Create a WIP policy using Intune](create-wip-policy-using-intune-azure.md). To confirm what templates your tenant has, run [Get-AadrmTemplate](https://docs.microsoft.com/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](https://docs.microsoft.com/azure/information-protection/administer-powershell). If you don’t specify a template, WIP uses a key from a default RMS template that everyone in the tenant will have access to.
 
 2. After you pick all of the settings you want to include, click **Summary**.
 
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 3de2479c2a..600663b95b 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 02/26/2019
+ms.date: 05/02/2019
 ---
 
 # List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
@@ -70,6 +70,9 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
 
 - Microsoft Remote Desktop
 
+>[!NOTE] 
+>Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining.
+
 ## List of WIP-work only apps from Microsoft
 Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions.
 
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png
index cd8e0d0388..785925efdf 100644
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png
new file mode 100644
index 0000000000..8ec000d2a7
Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png differ
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index e65fbfe36a..eb9c04d03f 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -1,10 +1,10 @@
 # [Threat protection](index.md)
 
-## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
+## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
 
-### [Overview](windows-defender-atp/overview.md)
-#### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)
-##### [Hardware-based isolation](windows-defender-atp/overview-hardware-based-isolation.md)
+### [Overview](microsoft-defender-atp/overview.md)
+#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
+##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md)
 ###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md)
 ####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
 ###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
@@ -15,104 +15,106 @@
 ##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
 ##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
 #### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
-#### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)
-##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
+##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
 
-##### [Incidents queue](windows-defender-atp/incidents-queue.md)
-###### [View and organize the Incidents queue](windows-defender-atp/view-incidents-queue.md)
-###### [Manage incidents](windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md)
-###### [Investigate incidents](windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md)
+##### [Incidents queue](microsoft-defender-atp/incidents-queue.md)
+###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
+###### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
+###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
 
 
 
 ##### Alerts queue
-###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
-###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
-###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
-###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
-###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
-###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
-###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
+###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
+###### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
+###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
+###### [Investigate files](microsoft-defender-atp/investigate-files.md)
+###### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
+###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
+###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
+###### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
  
 ##### Machines list
-###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-###### [Manage machine group and tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md)
-###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
+###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
+###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
+###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline)
+####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
+####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
+####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
+####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
 
 
-##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+##### [Take response actions](microsoft-defender-atp/response-actions.md)
+###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md)
+####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
+####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
+####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
+####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
+####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
+####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
+####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
  
-###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md)
+####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
+####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
+####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
+####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
+####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
+####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
+####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
+####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
+####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
  
+###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md)
+#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
 
-#### [Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
-##### [Learn about the automated investigation and remediation dashboard](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
+##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
 
 
-#### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
-#### [Threat analytics](windows-defender-atp/threat-analytics.md)
+#### [Secure score](microsoft-defender-atp/overview-secure-score.md)
+#### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
 
-#### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
-##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
-###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
-##### [Custom detections](windows-defender-atp/overview-custom-detections.md)
-###### [Create custom detections rules](windows-defender-atp/custom-detection-rules.md)
+#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md)
+##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
+###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
+###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
+##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md)
+###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
 
  
 
-#### [Management and APIs](windows-defender-atp/management-apis.md)
-##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP APIs](windows-defender-atp/apis-intro.md)
-##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
+#### [Management and APIs](microsoft-defender-atp/management-apis.md)
+##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
+##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
+##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
 
-#### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)
-#####  [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
-##### [Microsoft Cloud App Security integration overview](windows-defender-atp/microsoft-cloud-app-security-integration.md)
-##### [Information protection in Windows overview](windows-defender-atp/information-protection-in-windows-overview.md)
+#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md)
+#####  [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md)
+##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
+##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md)
 
 
 
-#### [Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)
+#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
 
 
 
-#### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
+#### [Portal overview](microsoft-defender-atp/portal-overview.md)
 
 
 
-### [Get started](windows-defender-atp/get-started.md)
-#### [What's new in Windows Defender ATP](windows-defender-atp/whats-new-in-windows-defender-atp.md)
-#### [Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
-#### [Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md)
-#### [Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md)
-#### [Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md)
-#### [Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md)
+### [Get started](microsoft-defender-atp/get-started.md)
+#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
+#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
+#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
+#### [Preview features](microsoft-defender-atp/preview.md)
+#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
+#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
 
-#### [Evaluate Windows Defender ATP](windows-defender-atp/evaluate-atp.md)
+#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md)
 #####Evaluate attack surface reduction
 ###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
 ###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
@@ -123,10 +125,10 @@
 ###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
 ##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
-#### [Access the Windows Defender Security Center Community Center](windows-defender-atp/community-windows-defender-advanced-threat-protection.md)
+#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
 
-### [Configure and manage capabilities](windows-defender-atp/onboard.md)
-#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md)
+### [Configure and manage capabilities](microsoft-defender-atp/onboard.md)
+#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md)
 #####Hardware-based isolation
 ###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
 ###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
@@ -213,208 +215,208 @@
 ###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
 
-#### [Configure Secure score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md) 
+#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) 
 
 
 #### Management and API support
-##### [Onboard machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
-###### [Onboard previous versions of Windows](windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md)
-###### [Onboard Windows 10 machines](windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md)
-####### [Onboard machines using Group Policy](windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-####### [Onboard machines using System Center Configuration Manager](windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-####### [Onboard machines using Mobile Device Management tools](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-######## [Onboard machines using Microsoft Intune](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
-####### [Onboard machines using a local script](windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-###### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines without Internet access](windows-defender-atp/onboard-offline-machines.md)
-###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
-###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
-###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines](microsoft-defender-atp/onboard-configure.md)
+###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
+###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md)
+####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
+####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
+####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
+######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
+####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
+####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
+###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
+###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
+###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
+###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
+###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
+###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
+###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md)
+####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
    
-##### [Windows Defender ATP API](windows-defender-atp/use-apis.md)
-###### [Get started with Windows Defender ATP APIs](windows-defender-atp/apis-intro.md)
-####### [Hello World](windows-defender-atp/api-hello-world.md)
-####### [Get access with application context](windows-defender-atp/exposed-apis-create-app-webapp.md)
-####### [Get access with user context](windows-defender-atp/exposed-apis-create-app-nativeapp.md)
-###### [APIs](windows-defender-atp/exposed-apis-list.md)
+##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md)
+###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
+####### [Hello World](microsoft-defender-atp/api-hello-world.md)
+####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
+####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
+###### [APIs](microsoft-defender-atp/exposed-apis-list.md)
 
-####### [Advanced Hunting](windows-defender-atp/run-advanced-query-api.md)
+####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
 
-####### [Alert](windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md)
-######## [List alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Create alert](windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)
-######## [Update Alert](windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md)
-######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md)
-######## [Get alert related domains information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)
-######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md)
-######## [Get alert related IPs information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md)
-######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md)
-######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md)
+####### [Alert](microsoft-defender-atp/alerts.md)
+######## [List alerts](microsoft-defender-atp/get-alerts.md)
+######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
+######## [Update Alert](microsoft-defender-atp/update-alert.md)
+######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
+######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
+######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
+######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
+######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
+######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
 
-####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md)
-######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
-######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
-######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
-######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Add or Remove machine tags](windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md)
-######## [Find machines by IP](windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
+####### [Machine](microsoft-defender-atp/machine.md)
+######## [List machines](microsoft-defender-atp/get-machines.md)
+######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
+######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
+######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
+######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
+######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
 
-####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md)
-######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
-######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
-######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
-######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md)
-######## [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md)
-######## [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md)
-######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md)
-######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md)
-######## [Offboard machine](windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
-######## [Stop and quarantine file](windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
-######## [Initiate investigation (preview)](windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md)
+####### [Machine Action](microsoft-defender-atp/machineaction.md)
+######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
+######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
+######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
+######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
+######## [Isolate machine](microsoft-defender-atp/isolate-machine.md)
+######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
+######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
+######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
+######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
+######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
+######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
+######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
 
-####### [Indicators (preview)](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md)
-######## [Submit Indicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
-######## [List Indicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
-######## [Delete Indicator](windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
+####### [Indicators](microsoft-defender-atp/ti-indicator.md)
+######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
+######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
+######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
 
 ####### Domain
-######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md)
-######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md)
-######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md)
+######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
+######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
+######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
+######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
 
-####### [File](windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md)
-######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md)
-######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md)
-######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md)
+####### [File](microsoft-defender-atp/files.md)
+######## [Get file information](microsoft-defender-atp/get-file-information.md)
+######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
+######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
+######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
 
 ####### IP
-######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md)
-######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md)
-######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
+######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
+######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
+######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
+######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
 
-####### [User](windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md)
-######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
+####### [User](microsoft-defender-atp/user.md)
+######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
+######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
 
 
 ###### How to use APIs - Samples
 ####### Advanced Hunting API
-######## [Schedule advanced Hunting using Microsoft Flow](windows-defender-atp/run-advanced-query-sample-ms-flow.md)
-######## [Advanced Hunting using PowerShell](windows-defender-atp/run-advanced-query-sample-powershell.md)
-######## [Advanced Hunting using Python](windows-defender-atp/run-advanced-query-sample-python.md)
-######## [Create custom Power BI reports](windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
+######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
+######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
+######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
+######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
 ####### Multiple APIs
-######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md)
-####### [Using OData Queries](windows-defender-atp/exposed-apis-odata-samples.md)
+######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
+####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
 
 
 #####Windows updates (KB) info
-###### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
+###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
 #####Common Vulnerabilities and Exposures (CVE) to KB map
-###### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
+###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
  
 
-##### API for custom alerts
-###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+##### API for custom alerts (Deprecated)
+###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
+###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
+###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
+###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
+###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
+###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
+###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
  
 
-##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-###### [Windows Defender ATP SIEM alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-###### [Pull alerts using SIEM REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md)
+###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
+###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
+###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
+###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
+###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
+###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
 
 
 ##### Reporting
-###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md)
-###### [Machine health and compliance reports](windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md)
+###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
+###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
+###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
 
 ##### Interoperability
-###### [Partner applications](windows-defender-atp/partner-applications.md)
+###### [Partner applications](microsoft-defender-atp/partner-applications.md)
 
 
 ##### Role-based access control
-###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
-####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md)
-####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
-######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md)
+###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
+####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
+####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
+######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
 
 
-##### [Configure managed security service provider (MSSP) support](windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md)
+##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
 
 
-#### [Configure and manage Microsoft Threat Experts capabilities](windows-defender-atp/configure-microsoft-threat-experts.md)
+#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
 
 
 
 #### Configure Microsoft threat protection integration
-##### [Configure conditional access](windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md)
-##### [Configure Microsoft Cloud App Security integration](windows-defender-atp/microsoft-cloud-app-security-config.md)
-##### [Configure information protection in Windows](windows-defender-atp/information-protection-in-windows-config.md)
+##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
+##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
+##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
 
 
 
 
-#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
+#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md)
 ##### General
-###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md)
-###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md)
-###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-###### [Enable Secure score security controls](windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md)
-###### [Configure advanced features](windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md)
+###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
+###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
+###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
+###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
+###### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
   
 ##### Permissions
-###### [Use basic permissions to access the portal](windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md)
-###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
-####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md)
-####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
-######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md)
+###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
+###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
+####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
+####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
+######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
   
 ##### APIs
-###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
+###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
+###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
   
 #####Rules
-###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
-###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-###### [Manage indicators](windows-defender-atp/manage-indicators.md)
-###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
-###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
+###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
+###### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
+###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
+###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
   
 #####Machine management
-###### [Onboarding machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
-###### [Offboarding machines](windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md)
+###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
+###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
   
-##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
   
 
-### [Troubleshoot Windows Defender ATP](windows-defender-atp/troubleshoot-wdatp.md)
+### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md)
 ####Troubleshoot sensor state
-##### [Check sensor state](windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md)
-##### [Fix unhealthy sensors](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-##### [Inactive machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-##### [Misconfigured machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-##### [Review sensor events and errors on machines with Event Viewer](windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md)
+##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
+##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
+##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
+##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
+##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
 
-#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md)
-##### [Check service health](windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md)
+#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
+##### [Check service health](microsoft-defender-atp/service-status.md)
 
 ####Troubleshoot attack surface reduction
 ##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
index 842cb0b7bb..c40587d323 100644
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@@ -63,6 +63,8 @@ Detailed Tracking security policy settings and audit events can be used to monit
 -   [Audit Process Termination](audit-process-termination.md)
 -   [Audit RPC Events](audit-rpc-events.md)
 
+> **Note:**  For more information, see [Security Monitoring](https://blogs.technet.microsoft.com/nathangau/2018/01/25/security-monitoring-a-possible-new-way-to-detect-privilege-escalation/)
+
 ## DS Access
 
 DS Access security audit policy settings provide a detailed audit trail of attempts to access and modify objects in Active Directory Domain Services (AD DS). These audit events are logged only on domain controllers. This category includes the following subcategories:
@@ -90,7 +92,7 @@ Logon/Logoff security policy settings and audit events allow you to track attemp
 
 ## Object Access
 
-Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate object Aaccess auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses.
+Object Access policy settings and audit events allow you to track attempts to access specific objects or types of objects on a network or computer. To audit attempts to access a file, directory, registry key, or any other object, you must enable the appropriate Object Access auditing subcategory for success and/or failure events. For example, the file system subcategory needs to be enabled to audit file operations, and the Registry subcategory needs to be enabled to audit registry accesses.
 
 Proving that these audit policies are in effect to an external auditor is more difficult. There is no easy way to verify that the proper SACLs are set on all inherited objects. To address this issue, see [Global Object Access Auditing](#global-object-access-auditing).
 
diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index 1deaa652b8..76b8efdb9f 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -10,16 +10,15 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 08/11/2018
 ms.localizationpriority: medium
 ---
 
 # Change history for threat protection
-This topic lists new and updated topics in the [Windows Defender ATP](windows-defender-atp/windows-defender-advanced-threat-protection.md) documentation.
+This topic lists new and updated topics in the [Microsoft Defender ATP](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) documentation.
 
 ## August 2018
 
 New or changed topic | Description
 ---------------------|------------
-[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Windows Defender ATP platform.
+[Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Windows Defender ATP platform.
 
diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
index b56a7a46b9..bdf572c022 100644
--- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
@@ -23,7 +23,7 @@ Using configurable code integrity to restrict devices to only authorized apps ha
 
 1. Configurable code integrity policy is enforced by the Windows kernel itself. As such, the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run. 
 2. Configurable code integrity allows customers to set application control policy not only over code running in user mode, but also kernel mode hardware and software drivers and even code that runs as part of Windows. 
-3. Customers can protect the configurable code integrity policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organization’s digital signing process, making it extremely difficult for an attacker with administrative privledge, or malicious software that managed to gain administrative privilege, to alter the application control policy. 
+3. Customers can protect the configurable code integrity policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organization’s digital signing process, making it extremely difficult for an attacker with administrative privilege, or malicious software that managed to gain administrative privilege, to alter the application control policy. 
 4. The entire configurable code integrity enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is significantly diminished. Why is this relevant? That’s because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by configurable code integrity or any other application control solution.
 
 ## (Re-)Introducing Windows Defender Application Control
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 0359a92351..bface3f851 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -1,7 +1,7 @@
 ---
 title: Threat Protection (Windows 10)
-description: Learn how Windows Defender ATP helps protect against threats.
-keywords: threat protection, windows defender advanced threat protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting
+description: Learn how Microsoft Defender ATP helps protect against threats.
+keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -12,12 +12,9 @@ ms.localizationpriority: medium
 ---
 
 # Threat Protection
-[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
+[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
 
->[!Note]
-> The Windows Defender Security Center is currently going through rebranding. All references to Windows Defender will be replaced with Microsoft Defender. You will see the updates in the user interface and in the documentation library in next few months.
-
-<center><h2>Windows Defender ATP</center></h2>
+<center><h2>Microsoft Defender ATP</center></h2>
 <table>
 <tr>
 <td><a href="#tvm"><center><img src="images/TVM_icon.png"> <br><b>Threat & Vulnerability Management</b></center></a></td>
@@ -40,19 +37,19 @@ ms.localizationpriority: medium
 
 <a name="tvm"></a>
 
-**[Threat & Vulnerability Management](windows-defender-atp/next-gen-threat-and-vuln-mgt.md)**<br>
+**[Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)**<br>
 This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. 
-- [Risk-based Threat & Vulnerability Management](windows-defender-atp/next-gen-threat-and-vuln-mgt.md) 
-- [What's in the dashboard and what it means for my organization](windows-defender-atp/tvm-dashboard-insights.md)
-- [Configuration score](windows-defender-atp/configuration-score.md)
-- [Scenarios](windows-defender-atp/threat-and-vuln-mgt-scenarios.md)
+- [Risk-based Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) 
+- [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
+- [Configuration score](microsoft-defender-atp/configuration-score.md)
+- [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
 
 <a name="asr"></a>
 
-**[Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)**<br>
+**[Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)**<br>
 The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
 
-- [Hardware based isolation](windows-defender-atp/overview-hardware-based-isolation.md) 
+- [Hardware based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md) 
 - [Application control](windows-defender-application-control/windows-defender-application-control.md)
 - [Device control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
 - [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
@@ -64,7 +61,7 @@ The attack surface reduction set of capabilities provide the first line of defen
 <a name="ngp"></a>
 
 **[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**<br>
-To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
+To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
 
 - [Behavior monitoring](/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus)
 - [Cloud-based protection](/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus)
@@ -74,67 +71,67 @@ To further reinforce the security perimeter of your network, Windows Defender AT
 
 <a name="edr"></a>
 
-**[Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)**<br>
+**[Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)**<br>
 Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
 
-- [Alerts](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Historical endpoint data](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-- [Response orchestration](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-- [Forensic collection](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-- [Threat intelligence](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Advanced detonation and analysis service](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-- [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
-    - [Custom detection](windows-defender-atp/overview-custom-detections.md)
-    - [Realtime and historical hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
+- [Alerts](microsoft-defender-atp/alerts-queue.md)
+- [Historical endpoint data](microsoft-defender-atp/investigate-machines.md#machine-timeline)
+- [Response orchestration](microsoft-defender-atp/response-actions.md)
+- [Forensic collection](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
+- [Threat intelligence](microsoft-defender-atp/threat-indicator-concepts.md)
+- [Advanced detonation and analysis service](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
+- [Advanced hunting](microsoft-defender-atp/overview-hunting.md)
+    - [Custom detection](microsoft-defender-atp/overview-custom-detections.md)
+    - [Realtime and historical hunting](microsoft-defender-atp/advanced-hunting.md)
 
 <a name="ai"></a>
 
-**[Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)**<br>
-In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+**[Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)**<br>
+In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
 
-- [Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
-- [Threat remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#how-threats-are-remediated)
-- [Manage automated investigations](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
-- [Analyze automated investigation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md#analyze-automated-investigations)
+- [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
+- [Threat remediation](microsoft-defender-atp/automated-investigations.md#how-threats-are-remediated)
+- [Manage automated investigations](microsoft-defender-atp/manage-auto-investigation.md)
+- [Analyze automated investigation](microsoft-defender-atp/manage-auto-investigation.md#analyze-automated-investigations)
 
 <a name="ss"></a>
 
-**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**<br>
-Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
-- [Asset inventory](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-- [Recommended improvement actions](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-- [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
-- [Threat analytics](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+**[Secure score](microsoft-defender-atp/overview-secure-score.md)**<br>
+Microsoft Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
+- [Asset inventory](microsoft-defender-atp/secure-score-dashboard.md)
+- [Recommended improvement actions](microsoft-defender-atp/secure-score-dashboard.md)
+- [Secure score](microsoft-defender-atp/overview-secure-score.md)
+- [Threat analytics](microsoft-defender-atp/threat-analytics.md)
 
 <a name="mte"></a>
 
-**[Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)**<br>
-Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. 
+**[Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)**<br>
+Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. 
 
-- [Targeted attack notification](windows-defender-atp/microsoft-threat-experts.md)
-- [Experts-on-demand](windows-defender-atp/microsoft-threat-experts.md)
-- [Configure your Microsoft Threat Experts managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md)
+- [Targeted attack notification](microsoft-defender-atp/microsoft-threat-experts.md)
+- [Experts-on-demand](microsoft-defender-atp/microsoft-threat-experts.md)
+- [Configure your Microsoft Threat Protection managed hunting service](microsoft-defender-atp/configure-microsoft-threat-experts.md)
 
 <a name="apis"></a>
 
-**[Management and APIs](windows-defender-atp/management-apis.md)**<br>
-Integrate Windows Defender Advanced Threat Protection into your existing workflows.
-- [Onboarding](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
-- [API and SIEM integration](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-- [Exposed APIs](windows-defender-atp/use-apis.md)
-- [Role-based access control (RBAC)](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
-- [Reporting and trends](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
+**[Management and APIs](microsoft-defender-atp/management-apis.md)**<br>
+Integrate Microsoft Defender Advanced Threat Protection into your existing workflows.
+- [Onboarding](microsoft-defender-atp/onboard-configure.md)
+- [API and SIEM integration](microsoft-defender-atp/configure-siem.md)
+- [Exposed APIs](microsoft-defender-atp/use-apis.md)
+- [Role-based access control (RBAC)](microsoft-defender-atp/rbac.md)
+- [Reporting and trends](microsoft-defender-atp/powerbi-reports.md)
 
 <a name="mtp"></a>
 
-**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)** <br>
- Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.
-- [Conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
-- [O365 ATP](windows-defender-atp/threat-protection-integration.md)
-- [Azure ATP](windows-defender-atp/threat-protection-integration.md)
-- [Azure Security Center](windows-defender-atp/threat-protection-integration.md)
-- [Skype for Business](windows-defender-atp/threat-protection-integration.md) 
-- [Microsoft Cloud App Security](windows-defender-atp/microsoft-cloud-app-security-integration.md)
+**[Microsoft Threat Protection](microsoft-defender-atp/threat-protection-integration.md)** <br>
+ Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.
+- [Conditional access](microsoft-defender-atp/conditional-access.md)
+- [O365 ATP](microsoft-defender-atp/threat-protection-integration.md)
+- [Azure ATP](microsoft-defender-atp/threat-protection-integration.md)
+- [Azure Security Center](microsoft-defender-atp/threat-protection-integration.md)
+- [Skype for Business](microsoft-defender-atp/threat-protection-integration.md) 
+- [Microsoft Cloud App Security](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
 
 
 
diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md
index 890f7e0401..69dfef35ee 100644
--- a/windows/security/threat-protection/intelligence/safety-scanner-download.md
+++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md
@@ -22,6 +22,8 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from
 
 - [Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732)
 
+> **NOTE** The security intelligence update version of the Microsoft Safety Scaner matches the version described [in this web page](https://www.microsoft.com/en-us/wdsi/definitions).
+
 Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.
 
 > **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection).
@@ -49,4 +51,4 @@ For more information about the Safety Scanner, see the support article on [how t
 - [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download)
 - [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware)
 - [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission)
-- [Microsoft antimalware and threat protection solutions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection)
\ No newline at end of file
+- [Microsoft antimalware and threat protection solutions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection)
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
similarity index 53%
rename from windows/security/threat-protection/windows-defender-atp/TOC.md
rename to windows/security/threat-protection/microsoft-defender-atp/TOC.md
index d3ade96a48..cb802c617a 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
@@ -1,4 +1,4 @@
-# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
+# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
 
 ## [Overview](overview.md)
 ### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
@@ -20,97 +20,105 @@
 #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
 ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 ### [Endpoint detection and response](overview-endpoint-detection-response.md)
-#### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+#### [Security operations dashboard](security-operations-dashboard.md)
 
 
 #### [Incidents queue](incidents-queue.md)
 ##### [View and organize the Incidents queue](view-incidents-queue.md)
-##### [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
-##### [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
+##### [Manage incidents](manage-incidents.md)
+##### [Investigate incidents](investigate-incidents.md)
 
 
 #### Alerts queue
-##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
-
+##### [View and organize the Alerts queue](alerts-queue.md)
+##### [Manage alerts](manage-alerts.md)
+##### [Investigate alerts](investigate-alerts.md)
+##### [Investigate files](investigate-files.md)
+##### [Investigate machines](investigate-machines.md)
+##### [Investigate an IP address](investigate-ip.md)
+##### [Investigate a domain](investigate-domain.md)
+##### [Investigate a user account](investigate-user.md)
  
 #### Machines list
-##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](machine-tags-windows-defender-advanced-threat-protection.md)
-##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+##### [View and organize the Machines list](machines-view-overview.md)
+##### [Manage machine group and tags](machine-tags.md)
+##### [Alerts related to this machine](investigate-machines.md#alerts-related-to-this-machine)
+##### [Machine timeline](investigate-machines.md#machine-timeline)
+###### [Search for specific events](investigate-machines.md#search-for-specific-events)
+###### [Filter events from a specific date](investigate-machines.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](investigate-machines.md#export-machine-timeline-events)
+###### [Navigate between pages](investigate-machines.md#navigate-between-pages)
 
 
-#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+#### [Take response actions](response-actions.md)
+##### [Take response actions on a machine](respond-machine-alerts.md)
+###### [Collect investigation package](respond-machine-alerts.md#collect-investigation-package-from-machines)
+###### [Run antivirus scan](respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
+###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution)
+###### [Remove app restriction](respond-machine-alerts.md#remove-app-restriction)
+###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
+###### [Release machine from isolation](respond-machine-alerts.md#release-machine-from-isolation)
+###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
  
-##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
- 
-### [Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)
-#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+##### [Take response actions on a file](respond-file-alerts.md)
+###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
+###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine)
+###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network)
+###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list)
+###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center)
+###### [Deep analysis](respond-file-alerts.md#deep-analysis)
+###### [Submit files for analysis](respond-file-alerts.md#submit-files-for-analysis)
+###### [View deep analysis reports](respond-file-alerts.md#view-deep-analysis-reports)
+###### [Troubleshoot deep analysis](respond-file-alerts.md#troubleshoot-deep-analysis)
+
+##### [Investigate entities using Live response](live-response.md)
+###### [Live response command examples](live-response-command-examples.md)
+
+### [Automated investigation and remediation](automated-investigations.md)
+#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
 
 
-### [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
+### [Secure score](overview-secure-score.md)
+### [Threat analytics](threat-analytics.md)
 
 ### [Microsoft Threat Experts](microsoft-threat-experts.md)
 
 ### [Threat analytics](threat-analytics.md)
 
-### [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)
-#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+### [Advanced hunting](overview-hunting.md)
+#### [Query data using Advanced hunting](advanced-hunting.md)
+##### [Advanced hunting reference](advanced-hunting-reference.md)
+##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
 #### [Custom detections](overview-custom-detections.md)
 #####[Create custom detections rules](custom-detection-rules.md)
 
 ### [Management and APIs](management-apis.md)
-#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-#### [Windows Defender ATP APIs](apis-intro.md)
-#### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md)
+#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
+#### [Microsoft Defender ATP APIs](apis-intro.md)
+#### [Managed security service provider support](mssp-support.md)
 
 ### [Microsoft Threat Protection](threat-protection-integration.md)
-####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
+####  [Protect users, data, and devices with conditional access](conditional-access.md)
 #### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
 #### [Information protection in Windows overview](information-protection-in-windows-overview.md)
 
-### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+
+
+### [Microsoft Threat Experts](microsoft-threat-experts.md)
+
+
+### [Portal overview](portal-overview.md)
 
 
 ## [Get started](get-started.md)
-### [What's new in Windows Defender ATP](whats-new-in-windows-defender-atp.md)
-### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
-### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
-### [Preview features](preview-windows-defender-advanced-threat-protection.md)
-### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
-### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
+### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
+### [Minimum requirements](minimum-requirements.md)
+### [Validate licensing and complete setup](licensing.md)
+### [Preview features](preview.md)
+### [Data storage and privacy](data-storage-privacy.md)
+### [Assign user access to the portal](assign-portal-access.md)
 
-### [Evaluate Windows Defender ATP](evaluate-atp.md)
+### [Evaluate Microsoft Defender ATP](evaluate-atp.md)
 ####Evaluate attack surface reduction
 ##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
 ##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
@@ -121,7 +129,7 @@
 ##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
 #### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
-### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
+### [Access the Microsoft Defender Security Center Community Center](community.md)
 
 ## [Configure and manage capabilities](onboard.md)
 ### [Configure attack surface reduction](configure-attack-surface-reduction.md)
@@ -211,32 +219,32 @@
 ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
 
-### [Configure Secure score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md) 
+### [Configure Secure score dashboard security controls](secure-score-dashboard.md) 
 
 ### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
 
 ### Management and API support
-#### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-##### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
-##### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
-###### [Onboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-##### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-##### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+#### [Onboard machines](onboard-configure.md)
+##### [Onboard previous versions of Windows](onboard-downlevel.md)
+##### [Onboard Windows 10 machines](configure-endpoints.md)
+###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
+###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
+###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md)
+####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
+###### [Onboard machines using a local script](configure-endpoints-script.md)
+###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
+##### [Onboard servers](configure-server-endpoints.md)
+##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
 ##### [Onboard machines without Internet access](onboard-offline-machines.md)
-##### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
-##### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
-##### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
+##### [Run simulated attacks on machines](attack-simulations.md)
+##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
+##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md)
+###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
   
 
-#### [Windows Defender ATP API](use-apis.md)
-##### [Get started with Windows Defender ATP APIs](apis-intro.md)
+#### [Microsoft Defender ATP API](use-apis.md)
+##### [Get started with Microsoft Defender ATP APIs](apis-intro.md)
 ###### [Hello World](api-hello-world.md)
 ###### [Get access with application context](exposed-apis-create-app-webapp.md)
 ###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
@@ -244,65 +252,65 @@
 
 ###### [Advanced Hunting](run-advanced-query-api.md)
 
-###### [Alert](alerts-windows-defender-advanced-threat-protection-new.md)
-####### [List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)
-####### [Update Alert](update-alert-windows-defender-advanced-threat-protection-new.md)
-####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md)
-####### [Get alert related domains information](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)
-####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md)
-####### [Get alert related IPs information](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md)
-####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md)
-####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md)
+###### [Alert](alerts.md)
+####### [List alerts](get-alerts.md)
+####### [Create alert](create-alert-by-reference.md)
+####### [Update Alert](update-alert.md)
+####### [Get alert information by ID](get-alert-info-by-id.md)
+####### [Get alert related domains information](get-alert-related-domain-info.md)
+####### [Get alert related file information](get-alert-related-files-info.md)
+####### [Get alert related IPs information](get-alert-related-ip-info.md)
+####### [Get alert related machine information](get-alert-related-machine-info.md)
+####### [Get alert related user information](get-alert-related-user-info.md)
 
-###### [Machine](machine-windows-defender-advanced-threat-protection-new.md)
-####### [List machines](get-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
-####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
-####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Add or Remove machine tags](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md)
-####### [Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
+###### [Machine](machine.md)
+####### [List machines](get-machines.md)
+####### [Get machine by ID](get-machine-by-id.md)
+####### [Get machine log on users](get-machine-log-on-users.md)
+####### [Get machine related alerts](get-machine-related-alerts.md)
+####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
+####### [Find machines by IP](find-machines-by-ip.md)
 
-###### [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md)
-####### [List Machine Actions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-####### [Get Machine Action](get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
-####### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
-####### [Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
-####### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md)
-####### [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md)
-####### [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md)
-####### [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md)
-####### [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md)
-####### [Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
-####### [Stop and quarantine file](stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
-####### [Initiate investigation (preview)](initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md)
+###### [Machine Action](machineaction.md)
+####### [List Machine Actions](get-machineactions-collection.md)
+####### [Get Machine Action](get-machineaction-object.md)
+####### [Collect investigation package](collect-investigation-package.md)
+####### [Get investigation package SAS URI](get-package-sas-uri.md)
+####### [Isolate machine](isolate-machine.md)
+####### [Release machine from isolation](unisolate-machine.md)
+####### [Restrict app execution](restrict-code-execution.md)
+####### [Remove app restriction](unrestrict-code-execution.md)
+####### [Run antivirus scan](run-av-scan.md)
+####### [Offboard machine](offboard-machine-api.md)
+####### [Stop and quarantine file](stop-and-quarantine-file.md)
+####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
 
-###### [Indicators (preview)](ti-indicator-windows-defender-advanced-threat-protection-new.md)
-####### [Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
-####### [List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
-####### [Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
+###### [Indicators](ti-indicator.md)
+####### [Submit Indicator](post-ti-indicator.md)
+####### [List Indicators](get-ti-indicators-collection.md)
+####### [Delete Indicator](delete-ti-indicator-by-id.md)
 
 ###### Domain
-####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection-new.md)
-####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md)
+####### [Get domain related alerts](get-domain-related-alerts.md)
+####### [Get domain related machines](get-domain-related-machines.md)
+####### [Get domain statistics](get-domain-statistics.md)
+####### [Is domain seen in organization](is-domain-seen-in-org.md)
 
-###### [File](files-windows-defender-advanced-threat-protection-new.md)
-####### [Get file information](get-file-information-windows-defender-advanced-threat-protection-new.md)
-####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection-new.md)
+###### [File](files.md)
+####### [Get file information](get-file-information.md)
+####### [Get file related alerts](get-file-related-alerts.md)
+####### [Get file related machines](get-file-related-machines.md)
+####### [Get file statistics](get-file-statistics.md)
 
 ###### IP
-####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection-new.md)
-####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
+####### [Get IP related alerts](get-ip-related-alerts.md)
+####### [Get IP related machines](get-ip-related-machines.md)
+####### [Get IP statistics](get-ip-statistics.md)
+####### [Is IP seen in organization](is-ip-seen-org.md)
 
-###### [User](user-windows-defender-advanced-threat-protection-new.md)
-####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
+###### [User](user.md)
+####### [Get user related alerts](get-user-related-alerts.md)
+####### [Get user related machines](get-user-related-machines.md)
 
 ##### How to use APIs - Samples
 ###### Advanced Hunting API
@@ -316,89 +324,91 @@
 
 
 #### API for custom alerts
-##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Enable the custom threat intelligence application](enable-custom-ti.md)
+##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
+##### [Create custom threat intelligence alerts](custom-ti-api.md)
+##### [PowerShell code examples](powershell-example-code.md)
+##### [Python code examples](python-example-code.md)
+##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
+##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
  
 
-#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP SIEM alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+#### [Pull alerts to your SIEM tools](configure-siem.md)
+##### [Enable SIEM integration](enable-siem-integration.md)
+##### [Configure Splunk to pull alerts](configure-splunk.md)
+##### [Configure HP ArcSight to pull alerts](configure-arcsight.md)
+##### [Microsoft Defender ATP SIEM alert API fields](api-portal-mapping.md)
+##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md)
+##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
 
 
 #### Reporting
-##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md)
-##### [Machine health and compliance reports](machine-reports-windows-defender-advanced-threat-protection.md)
+##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
+##### [Threat protection reports](threat-protection-reports.md)
+##### [Machine health and compliance reports](machine-reports.md)
 
 
 #### Interoperability
 ##### [Partner applications](partner-applications.md)
 
 #### Role-based access control
-##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
-###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md)
-###### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
-####### [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md)
+##### [Manage portal access using RBAC](rbac.md)
+###### [Create and manage roles](user-roles.md)
+###### [Create and manage machine groups](machine-groups.md)
+####### [Create and manage machine tags](machine-tags.md)
 
-#### [Configure managed security service provider (MSSP) support](configure-mssp-support-windows-defender-advanced-threat-protection.md)
+#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
 
 ### Configure Microsoft Threat Protection integration
-#### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md)
+#### [Configure conditional access](configure-conditional-access.md)
 #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
 ####[Configure information protection in Windows](information-protection-in-windows-config.md)
 
 
-### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+### [Configure Microsoft Defender Security Center settings](preferences-setup.md)
 #### General
-##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
-##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
-##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+##### [Update data retention settings](data-retention-settings.md)
+##### [Configure alert notifications](configure-email-notifications.md)
+##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
+##### [Enable Secure score security controls](enable-secure-score.md)
+##### [Configure advanced features](advanced-features.md)
  
 #### Permissions
-##### [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
-##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
-###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md)
-###### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
-####### [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md)
+##### [Use basic permissions to access the portal](basic-permissions.md)
+##### [Manage portal access using RBAC](rbac.md)
+###### [Create and manage roles](user-roles.md)
+###### [Create and manage machine groups](machine-groups.md)
+####### [Create and manage machine tags](machine-tags.md)
  
 #### APIs
-##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+##### [Enable Threat intel](enable-custom-ti.md)
+##### [Enable SIEM integration](enable-siem-integration.md)
  
 ####Rules
-##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
-##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage suppression rules](manage-suppression-rules.md)
+##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
 ##### [Manage indicators](manage-indicators.md)
-##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
-##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+##### [Manage automation file uploads](manage-automation-file-uploads.md)
+##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
  
 ####Machine management
-##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
+##### [Onboarding machines](onboard-configure.md)
+##### [Offboarding machines](offboard-machines.md)
+ 
+#### [Configure Windows Security app time zone settings](time-settings.md)
  
-#### [Configure Windows Security app time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
 
-## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
+
+## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md)
 ###Troubleshoot sensor state
-#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
-#### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
-#### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
-#### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
-#### [Review sensor events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
+#### [Check sensor state](check-sensor-status.md)
+#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
+#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
+#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
+#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
 
-### [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
-#### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
+### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
+#### [Check service health](service-status.md)
 
 ###Troubleshoot attack surface reduction
 #### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
index ef694ec2c0..2dd101cbc1 100644
--- a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@@ -19,12 +19,12 @@ ms.topic: article
 # Add or Remove Machine Tags API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 This API adds or remove tag to a specific machine.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -33,8 +33,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Manage security setting' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Manage security setting' (See [Create and manage roles](user-roles.md) for more information)
+>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -67,7 +67,7 @@ If successful, this method returns 200 - Ok response code and the updated Machin
 
 Here is an example of a request that adds machine tag.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
similarity index 63%
rename from windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
index dff8fdeb1c..46f0887e3f 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
@@ -1,6 +1,6 @@
 ---
-title: Configure advanced features in Windows Defender ATP
-description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
+title: Configure advanced features in Microsoft Defender ATP
+description: Turn on advanced features such as block file in Microsoft Defender Advanced Threat Protection.
 keywords: advanced features, settings, block file, automated investigation, auto-resolve, skype, azure atp, office 365, azure information protection, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,19 +17,28 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure advanced features in Windows Defender ATP
+# Configure advanced features in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
 
-Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Windows Defender ATP with.
+Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with.
 
 Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
 
 ## Automated investigation
-When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
+When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations.md).
+
+## Live response
+When you enable this feature, users with the appropriate permissions can initiate a live response session on machines. 
+
+For more information on role assignments see, [Create and manage roles](user-roles.md). 
+
+## Live response unsigned script execution
+Enabling this feature allows you to run unsigned scripts in a live response session. 
+
 
 ## Auto-resolve remediated alerts
 For tenants created on or after Windows 10, version 1809 the automated investigations capability is configured by default to resolve alerts where the automated analysis result status is "No threats found" or "Remediated".  If you don’t want to have alerts auto-resolved, you’ll need to manually turn off the feature.
@@ -43,7 +52,7 @@ For tenants created on or after Windows 10, version 1809 the automated investiga
 
 
 ## Block file
-This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled, see [Block files in your network](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#block-files-in-your-network) for more details.
+This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled, see [Block files in your network](respond-file-alerts.md#block-files-in-your-network) for more details.
 
 If your organization satisfies these conditions, the feature is enabled by default. This feature enables you to block potentially malicious files in your network. This operation will prevent it from being read, written, or executed on machines in your organization.
 
@@ -53,7 +62,7 @@ When you enable this feature, you'll be able to see user details stored in Azure
 - Alert queue
 - Machine details page
 
-For more information, see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
+For more information, see [Investigate a user account](investigate-user.md).
 
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
@@ -69,7 +78,7 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
 
-### Enable the Windows Defender ATP integration from the Azure ATP portal
+### Enable the Microsoft Defender ATP integration from the Azure ATP portal
 To receive contextual machine integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
 
 1. Login to the [Azure portal](https://portal.atp.azure.com/) with a Global Administrator or Security Administrator role.
@@ -83,22 +92,21 @@ When you complete the integration steps on both portals, you'll be able to see r
 ## Office 365 Threat Intelligence connection
 This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
 
-When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into Windows Defender Security Center to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
+When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into Microsoft Defender Security Center to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
 >[!NOTE]
 >You'll need to have the appropriate license to enable this feature. 
 
-To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
+To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Microsoft Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
 
 ## Microsoft Threat Experts
-This feature is currently on public preview. When you enable this feature, you'll receive targeted attack notifications from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it.
+Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability, while  experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Microsoft Defender ATP portal's alerts dashboard and via email if you configure it.
 
 >[!NOTE]
->This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
-
+>The Microsoft Threat Experts capability in Microsoft Defender ATP is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
 
 ## Microsoft Cloud App Security
-Enabling this setting forwards Windows Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data. 
+Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data. 
 
 >[!NOTE]
 >This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later.
@@ -110,14 +118,14 @@ Turning this setting on forwards signals to Azure Information Protection, giving
 ## Microsoft Intune connection
 This feature is only available if you have an active Microsoft Intune (Intune) license. 
 
-When you enable this feature, you'll be able to share Windows Defender ATP device information to Intune and enhance policy enforcement. 
+When you enable this feature, you'll be able to share Microsoft Defender ATP device information to Intune and enhance policy enforcement. 
 
 >[!NOTE]
->You'll need to enable the integration on both Intune and Windows Defender ATP to use this feature. 
+>You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. 
 
 
 ## Preview features
-Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
 
 You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
 
@@ -127,7 +135,7 @@ You'll have access to upcoming features which you can provide feedback on to hel
 3. Click **Save preferences**.
 
 ## Related topics
-- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
-- [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+- [Update data retention settings](data-retention-settings.md)
+- [Configure alert notifications](configure-email-notifications.md)
+- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
+- [Enable Secure Score security controls](enable-secure-score.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index 6c0c82d32d..8e6f64817f 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -1,5 +1,5 @@
 ---
-title: Advanced hunting best practices in Windows Defender ATP
+title: Advanced hunting best practices in Microsoft Defender ATP
 description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
 keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
 search.product: eADQiWindows 10XVcnh
@@ -18,16 +18,13 @@ ms.topic: conceptual
 ms.date: 04/24/2018
 ---
 
-# Advanced hunting query best practices Windows Defender ATP
+# Advanced hunting query best practices Microsoft Defender ATP
 
 **Applies to:**
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
 
 ## Performance best practices
 The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries. 
@@ -42,7 +39,7 @@ The following best practices serve as a guideline of query performance best prac
 
 ### Unique Process IDs
 Process IDs are recycled in Windows and reused for new processes and therefore can't serve as a unique identifier for a specific process.
-To address this issue, Windows Defender ATP created the time process. To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time.
+To address this issue, Microsoft Defender ATP created the time process. To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time.
 
 
 So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either MachineId or ComputerName), a process ID (ProcessId or InitiatingProcessId) and the process creation time (ProcessCreationTime or InitiatingProcessCreationTime)
@@ -61,13 +58,14 @@ The query summarizes by both InitiatingProcessId and InitiatingProcessCreationTi
 
 ### Using command line queries
 
-Command lines may vary - when applicable, filter on file names and do fuzzy matching. 
+Command lines may vary - when applicable, filter on file names and do fuzzy matching.
 
 There are numerous ways to construct a command line to accomplish a task. 
 
 For example, a malicious attacker could specify the process image file name without a path, with full path, without the file extension, using environment variables, add quotes, and others. In addition, the attacker can also change the order of some parameters, add multiple quotes or spaces, and much more.
 
 To create more durable queries using command lines, we recommended the following guidelines:
+
 - Identify the known processes (such as net.exe, psexec.exe, and others) by matching on the filename fields, instead of filtering on the command line field.
 - When querying for command line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators.
 - Use case insensitive matches. For example, use '=~', 'in~', 'contains' instead of '==', 'in' or 'contains_cs'
@@ -92,7 +90,7 @@ ProcessCreationEvents
 | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" 
 ```
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)        
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)        
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
index e4ad2bca0f..55acfa866d 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
@@ -1,5 +1,5 @@
 ---
-title: Advanced hunting reference in Windows Defender ATP
+title: Advanced hunting reference in Microsoft Defender ATP
 description: Learn about Advanced hunting table reference such as column name, data type, and description
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
 search.product: eADQiWindows 10XVcnh
@@ -18,17 +18,13 @@ ms.topic: article
 ms.date: 06/01/2018
 ---
 
-# Advanced hunting reference in Windows Defender ATP
+# Advanced hunting reference in Microsoft Defender ATP
 
 **Applies to:**
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
 ## Advanced hunting column reference
 To effectively build queries that span multiple tables, you need to understand the columns in the Advanced hunting schema. The following table lists all the available columns, along with their data types and descriptions. This information is also available in the schema representation in the Advanced hunting screen.
@@ -104,7 +100,7 @@ To effectively build queries that span multiple tables, you need to understand t
 | ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. |
 | ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process |
 | Protocol | string | IP protocol used, whether TCP or UDP |
-| PublicIP | string | Public IP address used by the onboarded machine to connect to the Windows Defender ATP service. This could be the IP address of the machine itself, a NAT device, or a proxy. |
+| PublicIP | string | Public IP address used by the onboarded machine to connect to the Microsoft Defender ATP service. This could be the IP address of the machine itself, a NAT device, or a proxy. |
 | RegistryKey | string | Registry key that the recorded action was applied to |
 | RegistryValueData | string | Data of the registry value that the recorded action was applied to |
 | RegistryValueName | string | Name of the registry value that the recorded action was applied to |
@@ -124,8 +120,8 @@ To effectively build queries that span multiple tables, you need to understand t
 | Table | string | Table that contains the details of the event |
 | TunnelingType | string | Tunneling protocol, if the interface is used for this purpose, for example 6to4, Teredo, ISATAP, PPTP, SSTP, and SSH |
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)        
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)        
 
-## Related topic
-- [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
-- [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+## Related topics
+- [Query data using Advanced hunting](advanced-hunting.md)
+- [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
index 2665b31d0e..44e20add28 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
@@ -1,6 +1,6 @@
 ---
-title: Query data using Advanced hunting in Windows Defender ATP
-description: Learn about Advanced hunting in Windows Defender ATP and how to query ATP data.
+title: Query data using Advanced hunting in Microsoft Defender ATP
+description: Learn about Advanced hunting in Microsoft Defender ATP and how to query ATP data.
 keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,9 +18,9 @@ ms.topic: article
 ms.date: 08/15/2018
 ---
 
-# Query data using Advanced hunting in Windows Defender ATP
+# Query data using Advanced hunting in Microsoft Defender ATP
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
 
 To get you started in querying your data, you can use the basic or Advanced query examples that have some preloaded queries for you to understand the basic query syntax.
@@ -33,7 +33,7 @@ A typical query starts with a table name followed by a series of operators separ
 
 In the following example, we start with the table name **ProcessCreationEvents** and add piped elements as needed.
 
-![Image of Windows Defender ATP Advanced hunting query](images/advanced-hunting-query-example.png)
+![Image of Microsoft Defender ATP Advanced hunting query](images/advanced-hunting-query-example.png)
 
 First, we define a time filter to review only records from the previous seven days. 
 
@@ -69,7 +69,7 @@ For more information on the query language and supported operators, see  [Query
 
 The following tables are exposed as part of Advanced hunting:
 
-- **AlertEvents** - Alerts on Windows Defender Security Center 
+- **AlertEvents** - Alerts on Microsoft Defender Security Center 
 - **MachineInfo** - Machine information, including OS information 
 - **MachineNetworkInfo** - Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains
 - **ProcessCreationEvents** - Process creation and related events 
@@ -124,10 +124,10 @@ These steps guide you on modifying and overwriting an existing query.
 
 The result set has several capabilities to provide you with effective investigation, including:
 
-- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in Windows Defender Security Center.
+- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in Microsoft Defender Security Center.
 - You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set. 
 
-![Image of Windows Defender ATP Advanced hunting result set](images/atp-advanced-hunting-results-filter.png)
+![Image of Microsoft Defender ATP Advanced hunting result set](images/atp-advanced-hunting-results-filter.png)
 
 ## Filter results in Advanced hunting
 In Advanced hunting, you can use the advanced filter on the output result set of the query. 
@@ -146,11 +146,11 @@ The filter selections will resolve as an additional query term and the results w
 Check out the [Advanced hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
 
 ## Related topic
-- [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-- [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+- [Advanced hunting reference](advanced-hunting-reference.md)
+- [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md
new file mode 100644
index 0000000000..1e817593bb
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md
@@ -0,0 +1,37 @@
+---
+title: Alerts queue in Microsoft Defender Security Center
+description: View and manage the alerts surfaced in Microsoft Defender Security Center
+keywords: 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+ms.date: 09/03/2018
+---
+
+# Alerts queue in Microsoft Defender Security Center
+Learn how you can view and manage the queue so that you can effectively investigate threats seen on entities such as machines, files, or user accounts.
+
+
+## In this section
+Topic | Description 
+:---|:---
+[View and organize the Alerts queue](alerts-queue.md) | Shows a list of alerts that were flagged in your network.
+[Manage alerts](manage-alerts.md) | Learn about how you can manage alerts such as change its status, assign it to a security operations member, and see the history of an alert.
+[Investigate alerts](investigate-alerts.md)| Investigate alerts that are affecting your network, understand what they mean, and how to resolve them.
+[Investigate files](investigate-files.md)| Investigate the details of a file associated with a specific alert, behaviour, or event. 
+[Investigate machines](investigate-machines.md)| Investigate the details of a machine associated with a specific alert, behaviour, or event. 
+[Investigate an IP address](investigate-ip.md) | Examine possible communication between machines in your network and external internet protocol (IP) addresses.
+[Investigate a domain](investigate-domain.md) | Investigate a domain to see if machines and servers in your network have been communicating with a known malicious domain. 
+[Investigate a user account](investigate-user.md) | Identify user accounts with the most active alerts and investigate cases of potential compromised credentials.  
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
similarity index 64%
rename from windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
index fb04442da2..da4a174d2c 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
@@ -1,6 +1,6 @@
 ---
-title: View and organize the Windows Defender ATP Alerts queue
-description: Learn about how the Windows Defender ATP alerts queues work, and how to sort and filter lists of alerts.
+title: View and organize the Microsoft Defender ATP Alerts queue
+description: Learn about how the Microsoft Defender ATP alerts queues work, and how to sort and filter lists of alerts.
 keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period, microsoft threat experts alerts
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,14 +18,12 @@ ms.topic: article
 ms.date: 04/24/2018
 ---
 
-# View and organize the Windows Defender Advanced Threat Protection Alerts queue
+# View and organize the Microsoft Defender Advanced Threat Protection Alerts queue
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) 
 
 The **Alerts queue** shows a list of alerts that were flagged from machines in your network. By default, the queue displays alerts seen in the last 30 days in a grouped view, with the most recent alerts showing at the top of the list, helping you see the most recent alerts first.
 
@@ -38,7 +36,6 @@ On the top navigation you can:
 - Navigate between pages
 - Apply filters
 
-
 ![Image of alerts queue](images/alerts-queue-list.png)
 
 ##  Sort, filter, and group the alerts queue
@@ -53,16 +50,15 @@ Medium </br>(Orange) | Threats rarely observed in the organization, such as anom
 Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
 Informational </br>(Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of.
 
-
 #### Understanding alert severity
-It is important to understand that the Windows Defender Antivirus (Windows Defender AV) and Windows Defender ATP alert severities are different because they represent different scopes.
+It is important to understand that the Windows Defender Antivirus (Windows Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes.
 
 The Windows Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual machine, if infected.
 
-The Windows Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization. 
+The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization.
 
 So, for example:
--	The severity of a Windows Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred.
+-	The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred.
 -	An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as  "Low" because it may have caused some damage to the individual machine but poses no organizational threat.
 -	An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High".
 -	Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations.
@@ -77,7 +73,7 @@ Corresponds to the automated investigation state.
 You can choose between showing alerts that are assigned to you or automation.
 
 ### Detection source
-Select the source that triggered the alert detection.  Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts managed hunting service. 
+Select the source that triggered the alert detection.  Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts managed hunting service.
 
 >[!NOTE]
 >The Windows Defender Antivirus filter will only appear if machines are using Windows Defender Antivirus as the default real-time protection antimalware product.
@@ -90,15 +86,14 @@ Limit the alerts queue view by selecting the OS platform that you're interested
 If you have specific machine groups that you're interested in checking the alerts on, you can select the groups to limit the alerts queue view to display just those machine groups.
 
 ### Associated threat
-Use this filter to focus on alerts that are related to high profile threats. You can see the full list of high-profile threats in [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md). 
-
+Use this filter to focus on alerts that are related to high profile threats. You can see the full list of high-profile threats in [Threat analytics](threat-analytics.md).
 
 ## Related topics
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
similarity index 60%
rename from windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/alerts.md
index da3a29ed3a..05fcb78399 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -18,21 +18,21 @@ ms.topic: article
 
 # Alert resource type
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Represents an alert entity in Windows Defender ATP.
+Represents an alert entity in Microsoft Defender ATP.
 
 # Methods
 Method|Return Type |Description
 :---|:---|:---
-[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object.
-[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection.
-[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[Alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
-[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection| List URLs associated with the alert.
-[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [File](files-windows-defender-advanced-threat-protection-new.md) collection |  List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
-[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated with the alert.
-[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [Machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
-[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [User](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
+[List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
+[Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
+[List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
+[List related files](get-alert-related-files-info.md) | [File](files.md) collection |  List the [file](files.md) entities that are associated with the [alert](alerts.md).
+[List related IPs](get-alert-related-ip-info.md) | IP collection | List IPs that are associated with the alert.
+[Get related machines](get-alert-related-machine-info.md) | [Machine](machine.md) | The [machine](machine.md) that is associated with the [alert](alerts.md).
+[Get related users](get-alert-related-user-info.md) | [User](user.md) | The [user](user.md) that is associated with the [alert](alerts.md).
 
 
 # Properties
@@ -55,7 +55,7 @@ alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was cr
 lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
 firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
 resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
-machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
+machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
 
 # JSON representation
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-atp/api-hello-world.md
rename to windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
index 9ee1dafbb9..a1fdedb347 100644
--- a/windows/security/threat-protection/windows-defender-atp/api-hello-world.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
@@ -16,12 +16,12 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Windows Defender ATP API - Hello World 
+# Microsoft Defender ATP API - Hello World 
 
 **Applies to:** 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## Get Alerts using a simple PowerShell script
@@ -50,7 +50,7 @@ For the App registration stage, you must have a Global administrator role in you
 
 	![Image of Create application window](images/webapp-create.png)
 
-4. Allow your App to access Windows Defender ATP and assign it 'Read all alerts' permission:
+4. Allow your App to access Microsoft Defender ATP and assign it 'Read all alerts' permission:
 
 	- Click **Settings** > **Required permissions** > **Add**.
 
@@ -184,6 +184,6 @@ You’re all done! You have just successfully:
 
 
 ## Related topic
-- [Windows Defender ATP APIs](exposed-apis-list.md)
-- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md)
-- [Access Windows Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
+- [Microsoft Defender ATP APIs](exposed-apis-list.md)
+- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
+- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
index 4520b214d1..04e82ab368 100644
--- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender ATP alert API fields
-description: Understand how the alert API fields map to the values in Windows Defender Security Center
+title: Microsoft Defender ATP alert API fields
+description: Understand how the alert API fields map to the values in Microsoft Defender Security Center
 keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,26 +18,20 @@ ms.topic: article
 ms.date: 10/16/2017
 ---
 
-# Windows Defender ATP SIEM alert API fields
+# Microsoft Defender ATP SIEM alert API fields
 
 **Applies to:**
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) 
-
-Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
 
+Understand what data fields are exposed as part of the alerts API and how they map to Microsoft Defender Security Center.
 
 ##	Alert API fields and portal mapping
 The following table lists the available fields exposed in the alerts API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.
 
-
-The ArcSight field column contains the default mapping between the Windows Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the  needs of your organization. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+The ArcSight field column contains the default mapping between the Microsoft Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the  needs of your organization. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
 
 Field numbers match the numbers in the images below.
 
@@ -47,12 +41,12 @@ Field numbers match the numbers in the images below.
 | 1                | AlertTitle                | name                | A dll was unexpectedly loaded into   a high integrity process without a UAC prompt | Value available for every alert.                                                                                                                                               |
 | 2                | Severity                  | deviceSeverity      | Medium                                                                             | Value available for every alert.                                                                                                                                               |
 | 3                | Category                  | deviceEventCategory | Privilege Escalation                                                               | Value available for every alert.                                                                                                                                               |
-| 4                | Source                    | sourceServiceName   | WindowsDefenderATP                                                                 | Windows Defender Antivirus or   Windows Defender ATP. Value available for every alert.                                                                                         |
+| 4                | Source                    | sourceServiceName   | WindowsDefenderATP                                                                 | Windows Defender Antivirus or   Microsoft Defender ATP. Value available for every alert.                                                                                         |
 | 5                | MachineName               | sourceHostName      | liz-bean                                                                           | Value available for every alert.                                                                                                                                               |
 | 6                | FileName                  | fileName            | Robocopy.exe                                                                       | Available for alerts associated   with a file or process.                                                                                                                      |
 | 7                | FilePath                  | filePath            | C:\Windows\System32\Robocopy.exe                                                   | Available for alerts associated   with a file or process.                                                                                                                     |
-| 8                | UserDomain                | sourceNtDomain      | contoso                                                                            | The domain of the user context   running the activity, available for Windows Defender ATP behavioral based   alerts.                                                           |
-| 9                | UserName                  | sourceUserName      | liz-bean                                                                           | The user context running the   activity, available for Windows Defender ATP behavioral based alerts.                                                                           |
+| 8                | UserDomain                | sourceNtDomain      | contoso                                                                            | The domain of the user context   running the activity, available for Microsoft Defender ATP behavioral based   alerts.                                                           |
+| 9                | UserName                  | sourceUserName      | liz-bean                                                                           | The user context running the   activity, available for Microsoft Defender ATP behavioral based alerts.                                                                           |
 | 10               | Sha1                      | fileHash            | 5b4b3985339529be3151d331395f667e1d5b7f35                                           | Available for alerts associated   with a file or process.                                                                                                                      |
 | 11               | Md5                       | deviceCustomString5 | 55394b85cb5edddff551f6f3faa9d8eb                                                   | Available for Windows Defender AV   alerts.                                                                                                                                    |
 | 12               | Sha256                    | deviceCustomString6 | 9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5                   | Available for Windows Defender AV   alerts.                                                                                                                                    |
@@ -72,7 +66,7 @@ Field numbers match the numbers in the images below.
 |                  | InternalIPv6List          | No mapping          | fd30:0000:0000:0001:ff4e:003e:0009:000e,   FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces.                                                                                                                                                                               |
 | Internal   field | LastProcessedTimeUtc      | No mapping          | 2017-05-07T01:56:58.9936648Z                                                       | Time when event arrived at the   backend. This field can be used when setting the request parameter for the   range of time that alerts are retrieved.                         |
 |                  | Not part of the schema    | deviceVendor        |                                                                                    | Static value in the ArcSight   mapping - 'Microsoft'.                                                                                                                          |
-|                  | Not part of the schema    | deviceProduct       |                                                                                    | Static value in the ArcSight   mapping - 'Windows Defender ATP'.                                                                                                               |
+|                  | Not part of the schema    | deviceProduct       |                                                                                    | Static value in the ArcSight   mapping - 'Microsoft Defender ATP'.                                                                                                               |
 |                  | Not part of the schema    | deviceVersion       |                                                                                    | Static value in the ArcSight   mapping - '2.0', used to identify the mapping versions.                                                                                         
 
 
@@ -92,8 +86,8 @@ Field numbers match the numbers in the images below.
 
 
 ## Related topics
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)
+- [Configure ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)
+- [Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
similarity index 50%
rename from windows/security/threat-protection/windows-defender-atp/apis-intro.md
rename to windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index d05ecd0f1b..1b042e2d4c 100644
--- a/windows/security/threat-protection/windows-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Advanced Threat Protection API overview  
-description: Learn how you can use APIs to automate workflows and innovate based on Windows Defender ATP capabilities
+title: Microsoft Defender Advanced Threat Protection API overview  
+description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
 keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -16,33 +16,33 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Windows Defender ATP API overview
+# Microsoft Defender ATP API overview
 
 **Applies to:** 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
-- Use the token to access Windows Defender ATP API
+- Use the token to access Microsoft Defender ATP API
 
 
-You can access Windows Defender ATP API with **Application Context** or **User Context**.
+You can access Microsoft Defender ATP API with **Application Context** or **User Context**.
 
 - **Application Context: (Recommended)** <br>
     Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons.
 
-	Steps that need to be taken to access Windows Defender ATP API with application context:
+	Steps that need to be taken to access Microsoft Defender ATP API with application context:
 
 	1. Create an AAD Web-Application.
 	2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. 
 	3. Create a key for this Application.
 	4. Get token using the application with its key.
-	5. Use the token to access Windows Defender ATP API
+	5. Use the token to access Microsoft Defender ATP API
 
 	For more information, see [Get access with application context](exposed-apis-create-app-webapp.md).
 
@@ -50,16 +50,16 @@ You can access Windows Defender ATP API with **Application Context** or **User C
 - **User Context:** <br>
     Used to perform actions in the API on behalf of a user.
 
-	Steps that needs to be taken to access Windows Defender ATP API with application context:
+	Steps that needs to be taken to access Microsoft Defender ATP API with application context:
 	1. Create AAD Native-Application.
 	2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
 	3. Get token using the application with user credentials.
-	4. Use the token to access Windows Defender ATP API
+	4. Use the token to access Microsoft Defender ATP API
 
 	For more information, see [Get access with user context](exposed-apis-create-app-nativeapp.md).
 
 
 ## Related topics
-- [Windows Defender ATP APIs](exposed-apis-list.md)
-- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md)
-- [Access Windows Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
+- [Microsoft Defender ATP APIs](exposed-apis-list.md)
+- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
+- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
similarity index 52%
rename from windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
index bc87a4503f..06eef64756 100644
--- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
@@ -1,6 +1,6 @@
 ---
-title: Assign user access to Windows Defender Security Center
-description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
+title: Assign user access to Microsoft Defender Security Center
+description: Assign read and write or read only access to the Microsoft Defender Advanced Threat Protection portal.
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,31 +18,28 @@ ms.topic: article
 ms.date: 11/28/2018
 ---
 
-# Assign user access to Windows Defender Security Center
+# Assign user access to Microsoft Defender Security Center
 
 **Applies to:**
 - Azure Active Directory
 - Office 365
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
 
-Windows Defender ATP supports two ways to manage permissions:
+Microsoft Defender ATP supports two ways to manage permissions:
 
 - **Basic permissions management**: Set permissions to either full access or read-only.
-- **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+- **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac.md).
 
 > [!NOTE]
 >If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
 
->- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Windows Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Windows Defender ATP administrator role after switching to RBAC.  Only users assigned to the Windows Defender ATP administrator role can manage permissions using RBAC. 
+>- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Microsoft Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Microsoft Defender ATP administrator role after switching to RBAC.  Only users assigned to the Microsoft Defender ATP administrator role can manage permissions using RBAC. 
 >- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
 >- After switching to RBAC, you will not be able to switch back to using basic permissions management.
 
+## Related topics
 
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portalaccess-belowfoldlink)
-
-## Related topic
-- [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
-- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
+- [Use basic permissions to access the portal](basic-permissions.md)
+- [Manage portal access using RBAC](rbac.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
similarity index 53%
rename from windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
index a86ee0b027..96117063de 100644
--- a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
@@ -1,6 +1,6 @@
 ---
-title: Experience Windows Defender ATP through simulated attacks
-description: Run the provided attack scenario simulations to experience how Windows Defender ATP can detect, investigate, and respond to breaches.
+title: Experience Microsoft Defender ATP through simulated attacks
+description: Run the provided attack scenario simulations to experience how Microsoft Defender ATP can detect, investigate, and respond to breaches.
 keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,27 +18,23 @@ ms.topic: article
 ms.date: 11/20/2018
 ---
 
-# Experience Windows Defender ATP through simulated attacks 
+# Experience Microsoft Defender ATP through simulated attacks 
 
 **Applies to:**
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
 
 >[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+>- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
-
-You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response.
+You might want to experience Microsoft Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Microsoft Defender ATP surfaces malicious activity and explore how it enables an efficient response.
 
 ## Before you begin
 
-To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md). 
+To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure.md). 
 
 Read the walkthrough document provided with each attack scenario. Each document includes OS and application requirements as well as detailed instructions that are specific to an attack scenario.
 
@@ -62,9 +58,10 @@ Read the walkthrough document provided with each attack scenario. Each document
 >Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test machine.
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
 
 
 ## Related topics
-- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+
+- [Onboard machines](onboard-configure.md)
+- [Onboard Windows 10 machines](configure-endpoints.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index 8968b3b2cf..9037bd2ced 100644
--- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -15,27 +15,30 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 12/04/2018
 ---
 
 # Overview of Automated investigations
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
 
-The Windows Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
+The Microsoft Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
 
 
-To address this challenge, Windows Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. 
+To address this challenge, Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. 
 
 The Automated investigations list shows all the investigations that have been initiated automatically and shows other details such as its status, detection source, and the date for when the investigation was initiated. 
 
 ## Understand the Automated investigation flow
+
 ### How the Automated investigation starts
+
 Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a supported operating system for Automated investigation then an Automated investigation can start.
 
 >[!NOTE]
->Currently, Automated investigation only supports Windows 10, version 1803 or later.
->Some investigation playbooks, like memory investigations, require Windows 10, version 1809 or later.
+>Currently, Automated investigation only supports the following OS versions:
+>- Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441)) or later
+>- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464)) or later
+>- Later versions of Windows 10
 
 The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.
 
@@ -73,14 +76,14 @@ Semi - require approval for non-temp folders remediation | An approval is requir
 Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br><br> Files or executables in all other folders will  automatically be remediated if needed.
 Full - remediate threats automatically | All remediation actions will be performed automatically.
 
-For more information on how to configure these automation levels, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+For more information on how to configure these automation levels, see [Create and manage machine groups](machine-groups.md).
 
 The default machine group is configured for semi-automatic remediation. This means that any malicious entity that needs to be remediated requires an approval and the investigation is added to the **Pending actions** section, this can be changed to fully automatic so that no user approval is needed. 
 
 When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
 
 ## Related topic
-- [Learn about the automated investigations dashboard](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
index 7dc172d03f..294a775bb9 100644
--- a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
@@ -1,6 +1,6 @@
 ---
-title: Use basic permissions to access Windows Defender Security Center
-description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
+title: Use basic permissions to access Microsoft Defender Security Center
+description: Assign read and write or read only access to the Microsoft Defender Advanced Threat Protection portal.
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -21,9 +21,9 @@ ms.topic: article
 **Applies to:**
 
 - Azure Active Directory
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
 
 Refer to the instructions below to use basic permissions management. 
 
@@ -31,7 +31,7 @@ You can use either of the following:
 - Azure PowerShell
 -  Azure Portal
 
-For granular control over permissions, [switch to role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+For granular control over permissions, [switch to role-based access control](rbac.md).
 
 ## Assign user access using Azure PowerShell
 You can assign users with one of the following levels of permissions:
@@ -73,4 +73,4 @@ For more information, see [Assign administrator and non-administrator roles to u
 
 
 ## Related topic
-- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
+- [Manage portal access using RBAC](rbac.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
similarity index 59%
rename from windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
index 007cfbede6..ac4575e88d 100644
--- a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
@@ -1,5 +1,5 @@
 ---
-title: Check the health state of the sensor in Windows Defender ATP
+title: Check the health state of the sensor in Microsoft Defender ATP
 description: Check the sensor health on machines to identify which ones are misconfigured, inactive, or are not reporting sensor data.
 keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication
 search.product: eADQiWindows 10XVcnh
@@ -18,38 +18,35 @@ ms.topic: article
 ms.date: 04/24/2018
 ---
 
-# Check sensor health state in Windows Defender ATP
+# Check sensor health state in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
 
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
-
-The sensor health tile provides information on the individual machine’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
-
+The sensor health tile provides information on the individual machine’s ability to provide sensor data and communicate with the Microsoft Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
 
 There are two status indicators on the tile that provide information on the number of machines that are not reporting properly to the service:
-- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected.
-- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
+- **Misconfigured** - These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected.
+- **Inactive** - Machines that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month.
 
 
 Clicking any of the groups directs you to Machines list, filtered according to your choice.
 
-You can also download the entire list in CSV format using the **Export to CSV** feature. For more information on filters, see [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md).
+You can also download the entire list in CSV format using the **Export to CSV** feature. For more information on filters, see [View and organize the Machines list](machines-view-overview.md).
 
 You can filter the health state list by the following status:
-- **Active** - Machines that are actively reporting to the Windows Defender ATP service.
-- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues:
+- **Active** - Machines that are actively reporting to the Microsoft Defender ATP service.
+- **Misconfigured** - These machines might partially be reporting sensor data to the Microsoft Defender ATP service but have configuration errors that need to be corrected. Misconfigured machines can have either one or a combination of the following issues:
   - **No sensor data** - Machines has stopped sending sensor data. Limited alerts can be triggered from the machine.
   - **Impaired communications** - Ability to communicate with machine is impaired. Sending files for deep analysis, blocking files, isolating machine from network and other actions that require communication with the machine may not work.
-- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service.
+- **Inactive** - Machines that have stopped reporting to the Microsoft Defender ATP service.
 
 
 You can view the machine details when you click on a misconfigured or inactive machine. You’ll see more specific machine information when you click the information icon.
 
-![Windows Defender ATP sensor filter](images/atp-machine-health-details.png)
+![Microsoft Defender ATP sensor filter](images/atp-machine-health-details.png)
 
 In the **Machines list**, you can download a full list of all the machines in your organization in a CSV format. 
 
@@ -57,4 +54,4 @@ In the **Machines list**, you can download a full list of all the machines in yo
 >Export the list in CSV format to display the unfiltered data. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is.
 
 ## Related topic
-- [Fix unhealthy sensors in Windows Defender ATP](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
+- [Fix unhealthy sensors in Microsoft Defender ATP](fix-unhealthy-sensors.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
index 426f70f81a..a38ea7caba 100644
--- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@@ -19,14 +19,12 @@ ms.topic: article
 
 # Collect investigation package API
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Collect investigation package from a machine.
 
-
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +33,8 @@ Delegated (work or school account) |	Machine.CollectForensics |	'Collect forensi
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -58,7 +56,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -67,7 +65,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/community.md
similarity index 54%
rename from windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/community.md
index 35ed4d4458..78f18ff20e 100644
--- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/community.md
@@ -1,6 +1,6 @@
 ---
-title: Access the Windows Defender ATP Community Center
-description: Access the Windows Defender ATP Community Center to share experiences, engange, and learn about the product.
+title: Access the Microsoft Defender ATP Community Center
+description: Access the Microsoft Defender ATP Community Center to share experiences, engange, and learn about the product.
 keywords: community, community center, tech community, conversation, announcements
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -19,14 +19,14 @@ ms.date: 04/24/2018
 ---
 
 
-# Access the Windows Defender ATP Community Center
+# Access the Microsoft Defender ATP Community Center
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
-The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
+The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
 
 There are several spaces you can explore to learn about specific information:
 - Announcements 
@@ -35,8 +35,8 @@ There are several spaces you can explore to learn about specific information:
 
 
 There are several ways you can access the Community Center:
-- In the Windows Defender Security Center navigation pane, select **Community center**.  A new browser tab opens and takes you to the Windows Defender ATP Tech Community page. 
-- Access the community through the [Windows Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
+- In the Microsoft Defender Security Center navigation pane, select **Community center**.  A new browser tab opens and takes you to the Microsoft Defender ATP Tech Community page. 
+- Access the community through the [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
 
 
 You can instantly view and read conversations that have been posted in the community. 
diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
index d3dff32b11..f4a0532ef7 100644
--- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
@@ -20,11 +20,11 @@ ms.topic: article
 # Enable conditional access to better protect users, devices, and data 
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
 
 Conditional access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
 
@@ -32,7 +32,7 @@ With conditional access, you can control access to enterprise information based
 
 You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state. 
 
-The implementation of conditional access in Windows Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. 
+The implementation of conditional access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. 
 
 The compliance policy is used with conditional access to allow only devices that fulfill one or more device compliance policy rules to access applications. 
 
@@ -56,21 +56,21 @@ There are three ways to address a risk:
 2. Resolve active alerts on the machine. This will remove the risk from the machine.
 3. You can remove the machine from the active policies and consequently, conditional access will not be applied on the machine. 
 
-Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md).
+Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](configure-conditional-access.md).
 
 When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted.
 
 The following example sequence of events explains conditional access in action:
 
-1. A user opens a malicious file and Windows Defender ATP flags the device as high risk.
+1. A user opens a malicious file and Microsoft Defender ATP flags the device as high risk.
 2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat.
 3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune conditional access policy. In Azure AD, the corresponding policy is applied to block access to applications.
-4. The manual or automated investigation and remediation is completed and the threat is removed. Windows Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
+4. The manual or automated investigation and remediation is completed and the threat is removed. Microsoft Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
 5. Users can now access applications.
 
  
 ## Related topic
-- [Configure conditional access in Windows Defender ATP](configure-conditional-access-windows-defender-advanced-threat-protection.md)
+- [Configure conditional access in Microsoft Defender ATP](configure-conditional-access.md)
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/configuration-score.md
rename to windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
index bb81e3d1db..36d6734ceb 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
@@ -1,5 +1,5 @@
 ---
-title: Configure Threat & Vulnerability Management in Windows Defender ATP
+title: Configure Threat & Vulnerability Management in Microsoft Defender ATP
 description: Configure your Threat & Vulnerability Management to allow security administrators and IT administrators to collaborate seamlessly to remediate issues via Microsoft intune and Microsoft System Center Configuration Manager (SCCM) integrations.
 keywords: RBAC, Threat & Vulnerability Management configuration, Threat & Vulnerability Management integrations, Microsft Intune integration with TVM, SCCM integration with TVM  
 search.product: Windows 10
@@ -18,7 +18,7 @@ ms.topic: article
 ---
 # Configure Threat & Vulnerability Management
 **Applies to:**
-- [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
index d418764a45..862e906979 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
@@ -1,6 +1,6 @@
 ---
-title: Configure HP ArcSight to pull Windows Defender ATP alerts
-description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center
+title: Configure HP ArcSight to pull Microsoft Defender ATP alerts
+description: Configure HP ArcSight to receive and pull alerts from Microsoft Defender Security Center
 keywords: configure hp arcsight, security information and events management tools, arcsight
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,25 +18,25 @@ ms.topic: article
 ms.date: 12/20/2018
 ---
 
-# Configure HP ArcSight to pull Windows Defender ATP alerts
+# Configure HP ArcSight to pull Microsoft Defender ATP alerts
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) 
 
-You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Windows Defender ATP alerts.
+You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Microsoft Defender ATP alerts.
 
 ## Before you begin
 Configuring the HP ArcSight Connector tool requires several configuration files for it to pull and parse alerts from your Azure Active Directory (AAD) application.
 
 This section guides you in getting the necessary information to set and use the required configuration files correctly.
 
-- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
 
 - Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values:
   - OAuth 2.0 Token refresh URL
@@ -107,7 +107,7 @@ The following steps assume that you have completed all the required steps in [Be
      <td>Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.</td>
      <tr>
      <td>Refresh Token</td>
-     <td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory.For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080** A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d.	A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
+     <td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory.For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080** A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d.	A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
      </td>
      </tr>
      </tr>
@@ -160,11 +160,11 @@ If the `redirect_uri` is a https URL, you'll be redirected to a URL on the local
 
 9. Navigate to **Active channel set** > **New Condition** > **Device** > **Device Product**.
 
-10. Set **Device Product = Windows Defender ATP**. When you've verified that events are flowing to the tool, stop the process again and go to Windows Services and start the ArcSight FlexConnector REST.
+10. Set **Device Product = Microsoft Defender ATP**. When you've verified that events are flowing to the tool, stop the process again and go to Windows Services and start the ArcSight FlexConnector REST.
 
 You can now run queries in the HP ArcSight console.
 
-Windows Defender ATP alerts will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name.
+Microsoft Defender ATP alerts will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name.
 
 
 ## Troubleshooting HP ArcSight connection
@@ -187,7 +187,7 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
 > Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
 
 ## Related topics
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)
+- [Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/configure-attack-surface-reduction.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
index cd442ff5d6..87e9fe515f 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
@@ -1,5 +1,5 @@
 ---
-title: Configure conditional access in Windows Defender ATP
+title: Configure conditional access in Microsoft Defender ATP
 description: 
 keywords: 
 search.product: eADQiWindows 10XVcnh
@@ -18,9 +18,9 @@ ms.topic: article
 ms.date: 09/03/2018
 ---
 
-# Configure conditional access in Windows Defender ATP
+# Configure conditional access in Microsoft Defender ATP
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 This section guides you through all the steps you need to take to properly implement conditional access.
 
@@ -38,14 +38,14 @@ You need to make sure that all your devices are enrolled in Intune. You can use
 
 
 
-There are steps you'll need to take in Windows Defender Security Center, the Intune portal, and Azure AD portal.
+There are steps you'll need to take in Microsoft Defender Security Center, the Intune portal, and Azure AD portal.
 
 > [!NOTE] 
 > You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
 
 Take the following steps to enable conditional access:
-- Step 1: Turn on the Microsoft Intune connection from Windows Defender Security Center
-- Step 2: Turn on the Windows Defender ATP integration in Intune
+- Step 1: Turn on the Microsoft Intune connection from Microsoft Defender Security Center
+- Step 2: Turn on the Microsoft Defender ATP integration in Intune
 - Step 3: Create the compliance policy in Intune
 - Step 4: Assign the policy 
 - Step 5: Create an Azure AD conditional access policy
@@ -57,10 +57,10 @@ Take the following steps to enable conditional access:
 3. Click **Save preferences**.
 
 
-### Step 2: Turn on the Windows Defender ATP integration in Intune
+### Step 2: Turn on the Microsoft Defender ATP integration in Intune
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Select **Device compliance** > **Windows Defender ATP**.
-3. Set **Connect Windows 10.0.15063+ devices to Windows Defender Advanced Threat Protection** to **On**.
+2. Select **Device compliance** > **Microsoft Defender ATP**.
+3. Set **Connect Windows 10.0.15063+ devices to Microsoft Defender Advanced Threat Protection** to **On**.
 4. Click **Save**.
 
 
@@ -80,7 +80,7 @@ Take the following steps to enable conditional access:
 
 ### Step 4: Assign the policy
 1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**.
-2. Select **Device compliance** > **Policies**> select your Windows Defender ATP compliance policy.
+2. Select **Device compliance** > **Policies**> select your Microsoft Defender ATP compliance policy.
 3. Select **Assignments**.
 4. Include or exclude your Azure AD groups to assign them the policy.
 5. To deploy the policy to the groups, select **Save**. The user devices targeted by the policy are evaluated for compliance.
@@ -96,6 +96,6 @@ Take the following steps to enable conditional access:
 
 6. Select **Enable policy**, and then **Create** to save your changes.
 
-For more information, see [Enable Windows Defender ATP with conditional access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
+For more information, see [Enable Microsoft Defender ATP with conditional access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
similarity index 68%
rename from windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
index 2d843ca2bd..05c041475c 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
@@ -1,6 +1,6 @@
 ---
-title: Configure alert notifications in Windows Defender ATP
-description: Send email notifications to specified recipients to receive new alerts based on severity with Windows Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
+title: Configure alert notifications in Microsoft Defender ATP
+description: Send email notifications to specified recipients to receive new alerts based on severity with Microsoft Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
 keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -15,23 +15,22 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 10/08/2018
 ---
 
-# Configure alert notifications in Windows Defender ATP
+# Configure alert notifications in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
 
-You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
+You can configure Microsoft Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
 
 > [!NOTE]
 > Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications.
 
-You can set the alert severity levels that trigger notifications. You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md).
+You can set the alert severity levels that trigger notifications. You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue.md).
 
 If you're using role-based access control (RBAC), recipients will only receive notifications based on the machine groups that were configured in the notification rule.
 Users with the proper permission can only create, edit, or delete notifications that are limited to their machine group management scope.
@@ -55,9 +54,9 @@ You can create rules that determine the machines and alert severities to send em
     - **Include machine information** - Includes the machine name in the email alert body.
     
         >[!NOTE]
-        > This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Windows Defender ATP data.
+        > This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Microsoft Defender ATP data.
 
-    - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+    - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups.md).
     - **Alert severity** - Choose the alert severity level.
 
 4. Click **Next**.
@@ -70,7 +69,7 @@ You can create rules that determine the machines and alert severities to send em
 
 Here's an example email notification:
 
-![Image of example email notification](images/atp-example-email-notification.png)
+![Image of example email notification](images/email-notification.png)
 
 ## Edit a notification rule
 1. Select the notification rule you'd like to edit.
@@ -94,12 +93,12 @@ This section lists various issues that you may encounter when using email notifi
 
 **Solution:** Make sure that the notifications are not blocked by email filters:
 
-1.	Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk.
-2.	Check that your email security product is not blocking the email notifications from Windows Defender ATP.
-3.	Check your email application rules that might be catching and moving your Windows Defender ATP email notifications.
+1.	Check that the Microsoft Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk.
+2.	Check that your email security product is not blocking the email notifications from Microsoft Defender ATP.
+3.	Check your email application rules that might be catching and moving your Microsoft Defender ATP email notifications.
 
 ## Related topics
-- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
-- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
-- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Update data retention settings](data-retention-settings.md)
+- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
+- [Enable Secure Score security controls](enable-secure-score.md)
+- [Configure advanced features](advanced-features.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
index a2e8e2a9d2..9a81c74448 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
@@ -1,7 +1,7 @@
 ---
-title: Onboard Windows 10 machines using Group Policy to Windows Defender ATP
+title: Onboard Windows 10 machines using Group Policy to Microsoft Defender ATP
 description: Use Group Policy to deploy the configuration package on Windows 10 machines so that they are onboarded to the service.
-keywords: configure machines using group policy, machine management, configure Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, group policy
+keywords: configure machines using group policy, machine management, configure Windows ATP machines, onboard Microsoft Defender Advanced Threat Protection machines, group policy
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -24,19 +24,19 @@ ms.date: 04/24/2018
 
 - Group Policy
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
 
 
 > [!NOTE]
 > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
 
 ## Onboard machines using Group Policy
-1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
  
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -63,10 +63,10 @@ ms.date: 04/24/2018
 9. Click **OK** and close any open GPMC windows.
 
 >[!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md).
 
-## Additional Windows Defender ATP configuration settings
-For each machine, you can state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
+## Additional Microsoft Defender ATP configuration settings
+For each machine, you can state whether samples can be collected from the machine when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
 
 You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
 
@@ -84,7 +84,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
 
 4.  Click **Policies**, then **Administrative templates**.
 
-5.  Click **Windows components** and then **Windows Defender ATP**.
+5.  Click **Windows components** and then **Microsoft Defender ATP**.
 
 6.  Choose to enable or disable sample sharing from your machines.
 
@@ -98,7 +98,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -132,7 +132,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
 
 ## Monitor machines using the portal
-1.	Go to [Windows Defender Security Center](https://securitycenter.windows.com/).
+1.	Go to [Microsoft Defender Security Center](https://securitycenter.windows.com/).
 2.	Click **Machines list**.
 3.	Verify that machines are appearing.
 
@@ -141,9 +141,9 @@ With Group Policy there isn’t an option to monitor deployment of policies on t
 
 
 ## Related topics
-- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP machines](run-detection-test-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP machines](run-detection-test.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
similarity index 65%
rename from windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
index 57ba954930..01b6ee0ef8 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
@@ -1,7 +1,7 @@
 ---
 title: Onboard Windows 10 machines using Mobile Device Management tools
 description: Use Mobile Device Management tools to deploy the configuration package on machines so that they are onboarded to the service.
-keywords: onboard machines using mdm, machine management, onboard Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, mdm
+keywords: onboard machines using mdm, machine management, onboard Windows ATP machines, onboard Microsoft Defender Advanced Threat Protection machines, mdm
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -23,13 +23,13 @@ ms.date: 12/06/2018
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
 
-You can use mobile device management (MDM) solutions to configure machines. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage machines.
+You can use mobile device management (MDM) solutions to configure machines. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage machines.
 
-For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
+For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
 ## Before you begin
 If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully. 
@@ -40,7 +40,7 @@ For more information on enabling MDM with Microsoft Intune, see [Setup Windows D
 
 Follow the instructions from [Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
 
-For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
+For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
 
 > [!NOTE]
@@ -49,7 +49,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 
 
 >[!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that a machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that a machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md).
 
 ## Offboard and monitor machines using Mobile Device Management tools
 For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
@@ -57,7 +57,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
    a. In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -79,9 +79,9 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
 
 ## Related topics
-- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
similarity index 55%
rename from windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
index cd5b2e9c98..249bd676ef 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
@@ -1,7 +1,7 @@
 ---
-title: Onboard non-Windows machines to the Windows Defender ATP service
-description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service.
-keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
+title: Onboard non-Windows machines to the Microsoft Defender ATP service
+description: Configure non-Winodws machines so that they can send sensor data to the Microsoft Defender ATP service.
+keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Microsoft Defender Advanced Threat Protection machines
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -22,15 +22,15 @@ ms.topic: article
 
 - macOS
 - Linux
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) 
 
 
 
-Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. 
+Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. 
 
-You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work. 
+You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. 
 
 
 
@@ -38,7 +38,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib
 You'll need to take the following steps to onboard non-Windows machines:
 1. Select your preferred method of onboarding:
 
-   - For macOS devices, you can choose to onboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac).
+   - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac).
    - For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**.   
        
      1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
@@ -54,7 +54,7 @@ You'll need to take the following steps to onboard non-Windows machines:
 
 ## Offboard non-Windows machines
 
-1. Follow the third-party's documentation to disconnect the third-party solution from Windows Defender ATP.
+1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender ATP.
 
 2. Remove permissions for the third-party solution in your Azure AD tenant.
    1. Sign in to the [Azure portal](https://portal.azure.com).
@@ -64,7 +64,7 @@ You'll need to take the following steps to onboard non-Windows machines:
 
 
 ## Related topics
-- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Onboard servers](configure-server-endpoints.md)
+- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
+- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
index 4d6b519e13..4790139b77 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
@@ -1,7 +1,7 @@
 ---
 title: Onboard Windows 10 machines using System Center Configuration Manager
 description: Use System Center Configuration Manager to deploy the configuration package on machines so that they are onboarded to the service.
-keywords: onboard machines using sccm, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines, sccm
+keywords: onboard machines using sccm, machine management, configure Windows ATP machines, configure Microsoft Defender Advanced Threat Protection machines, sccm
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -23,16 +23,16 @@ ms.date: 12/11/2018
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - System Center 2012 Configuration Manager or later versions
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
 
 <span id="sccm1606"/>
 ## Onboard Windows 10 machines using System Center Configuration Manager (current branch) version 1606
-System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on machines. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
+System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Microsoft Defender ATP on machines. For more information, see [Support for Microsoft Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
 
 >[!NOTE]
 > If you’re using SCCM client version 1606 with server version 1610 or above, you must upgrade the client version to match the server version.
@@ -49,7 +49,7 @@ You can use existing System Center Configuration Manager functionality to create
 ### Onboard machines using System Center Configuration Manager
 
 
-1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** > **Onboarding**.
     
@@ -66,13 +66,13 @@ You can use existing System Center Configuration Manager functionality to create
     a. Choose a predefined device collection to deploy the package to.
 
 > [!NOTE]
-> Windows Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
+> Microsoft Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
 
 >[!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md).
 
 ### Configure sample collection settings
-For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
 
 You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
 This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
@@ -103,7 +103,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
     a. In the navigation pane, select **Settings** >  **Offboarding**.
 
@@ -128,7 +128,7 @@ Monitoring with SCCM consists of two parts:
 
 1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the machines in your network.
 
-2. Checking that the machines are compliant with the Windows Defender ATP service (this ensures the machine can complete the onboarding process and can continue to report data to the service).
+2. Checking that the machines are compliant with the Microsoft Defender ATP service (this ensures the machine can complete the onboarding process and can continue to report data to the service).
 
 **To confirm the configuration package has been correctly deployed:**
 
@@ -140,11 +140,11 @@ Monitoring with SCCM consists of two parts:
 
 4. Review the status indicators under **Completion Statistics** and **Content Status**.
 
-If there are failed deployments (machines with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to  troubleshoot the machines. For more information see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+If there are failed deployments (machines with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to  troubleshoot the machines. For more information see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
 
 ![SCCM showing successful deployment with no errors](images/sccm-deployment.png)
 
-**Check that the machines are compliant with the Windows Defender ATP service:**<br>
+**Check that the machines are compliant with the Microsoft Defender ATP service:**<br>
 You can set a compliance rule for configuration item in System Center Configuration Manager to monitor your deployment.
 
 This rule should be a *non-remediating* compliance rule configuration item that monitors the value of a registry key on targeted machines.
@@ -158,9 +158,9 @@ Value: “1”
 For more information about System Center Configuration Manager Compliance see [Get started with compliance settings in System Center Configuration Manager](https://docs.microsoft.com/sccm/compliance/get-started/get-started-with-compliance-settings).
 
 ## Related topics
-- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
similarity index 71%
rename from windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
index fee63e07dd..d18d805cd6 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
@@ -1,7 +1,7 @@
 ---
 title: Onboard Windows 10 machines using a local script
 description: Use a local script to deploy the configuration package on machines so that they are onboarded to the service.
-keywords: configure machines using a local script, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
+keywords: configure machines using a local script, machine management, configure Windows ATP machines, configure Microsoft Defender Advanced Threat Protection machines
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -22,20 +22,20 @@ ms.topic: article
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
 
-You can also manually onboard individual machines to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all machines in your network.
+You can also manually onboard individual machines to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all machines in your network.
 
 > [!NOTE]
-> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
+> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints.md).
 
 ## Onboard machines 
-1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -60,14 +60,14 @@ You can also manually onboard individual machines to Windows Defender ATP. You m
 
 5.  Press the **Enter** key or click **OK**.
 
-For information on how you can manually validate that the machine is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+For information on how you can manually validate that the machine is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md).
 
 
 >[!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
 
 ## Configure sample collection settings
-For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Microsoft Defender Security Center to submit a file for deep analysis.
 
 You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.  
 
@@ -93,7 +93,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
 
-1.	Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1.	Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Offboarding**.
 
@@ -122,12 +122,12 @@ For security reasons, the package used to Offboard machines will expire 30 days
 
 
 ## Monitor machine configuration
-You can follow the different verification steps in the [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) to verify that the script completed successfully and the agent is running.
+You can follow the different verification steps in the [Troubleshoot onboarding issues](troubleshoot-onboarding.md) to verify that the script completed successfully and the agent is running.
 
 Monitoring can also be done directly on the portal, or by using the different deployment tools.
 
 ### Monitor machines using the portal
-1.	Go to Windows Defender Security Center.
+1.	Go to Microsoft Defender Security Center.
 
 2.	Click **Machines list**.
 
@@ -135,9 +135,9 @@ Monitoring can also be done directly on the portal, or by using the different de
 
 
 ## Related topics
-- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 8ee8615f84..9bcaf00305 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -1,7 +1,7 @@
 ---
 title: Onboard non-persistent virtual desktop infrastructure (VDI) machines
-description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
-keywords: configure virtual desktop infrastructure (VDI) machine, vdi, machine management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Microsoft Defender ATP the service.
+keywords: configure virtual desktop infrastructure (VDI) machine, vdi, machine management, configure Windows ATP endpoints, configure Microsoft Defender Advanced Threat Protection endpoints
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -25,15 +25,15 @@ ms.date: 04/24/2018
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
 
 ## Onboard non-persistent virtual desktop infrastructure (VDI) machines
 
-Windows Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
+Microsoft Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
 
 
 - Instant early onboarding of a short living session
-    - A session should be onboarded to Windows Defender ATP prior to the actual provisioning.
+    - A session should be onboarded to Microsoft Defender ATP prior to the actual provisioning.
 
 - Machine name persistence
     - The machine names are typically reused for new sessions. One may ask to have them as a single machine entry while others may prefer to have multiple entries per machine name.
@@ -41,9 +41,9 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might
 You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries.
 
 >[!WARNING]
-> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding. 
+> For environments where there are low resource configurations, the VDI boot proceedure might slow the Microsoft Defender ATP sensor onboarding. 
 
-1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
+1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/):
 
     a.  In the navigation pane, select **Settings** > **Onboarding**.
 
@@ -83,18 +83,18 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 
       d. Logon to machine with another user.
       
-      e. **For single entry for each machine**: Check only one entry in Windows Defender Security Center.<br>
-    **For multiple entries for each machine**: Check multiple entries in Windows Defender Security Center.
+      e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
+    **For multiple entries for each machine**: Check multiple entries in Microsoft Defender Security Center.
 
 7. Click **Machines list** on the Navigation pane.
 
 8. Use the search function by entering the machine name and select **Machine** as search type.
 
 ## Related topics
-- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
new file mode 100644
index 0000000000..3507beb090
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
@@ -0,0 +1,49 @@
+---
+title: Onboard Windows 10 machines on Microsoft Defender ATP
+description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
+keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+ms.date: 07/12/2018
+---
+
+# Onboard Windows 10 machines
+
+**Applies to:**
+
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+
+Machines in your organization must be configured so that the Microsoft Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
+
+The following deployment tools and methods are supported:
+
+- Group Policy
+- System Center Configuration Manager
+- Mobile Device Management (including Microsoft Intune)
+- Local script
+
+## In this section
+Topic | Description
+:---|:---
+[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md) | Use Group Policy to deploy the configuration package on machines.
+[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
+[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
+[Onboard Windows 10 machines using a local script](configure-endpoints-script.md) | Learn how to use the local script to deploy the configuration package on endpoints.
+[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI machines.
+
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
index 04731316ec..826dc3c276 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
@@ -15,24 +15,22 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 02/28/2019
 ---
 
 # Configure and manage Microsoft Threat Experts capabilities
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
 ## Before you begin 
-To experience the full Microsoft Threat Experts targeted attack notification capability in Windows Defender ATP, and preview the experts-on-demand capability, you need to have a valid Premier customer service and support account. Premier charges will not be incurred during for the capability in preview, but for the generally available capability, there will be charges. 
- 
-You also need to ensure that you have Windows Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up. 
+To experience the full Microsoft Threat Experts targeted attack notification capability in Microsoft Defender ATP, and preview the experts-on-demand capability, you need to have a valid Premier customer service and support account. Premier charges will not be incurred during for the capability in preview, but for the generally available capability, there will be charges.
+
+You also need to ensure that you have Microsoft Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up. 
 
- 
 ## Register to Microsoft Threat Experts managed threat hunting service 
-If you're already a Windows Defender ATP customer, you can apply through the Windows Defender ATP portal. 
+If you're already a Microsoft Defender ATP customer, you can apply through the Microsoft Defender ATP portal. 
 
 1. From the navigation pane, go to **Settings > General > Advanced features > Microsoft Threat Experts**.
 
@@ -49,14 +47,13 @@ If you're already a Windows Defender ATP customer, you can apply through the Win
 
 ## Receive targeted attack notification from Microsoft Threat Experts 
 You can receive targeted attack notification from Microsoft Threat Experts through the following:  
-- The Windows Defender ATP portal's **Alerts** dashboard  
+- The Microsoft Defender ATP portal's **Alerts** dashboard  
 - Your email, if you choose to configure it 
 
 To receive targeted attack notifications through email, you need to create an email notification rule.
 
 ### Create an email notification rule 
-You can create rules to send email notifications for notification recipients. See  [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) to create, edit, delete, or troubleshoot email notification, for details.
-
+You can create rules to send email notifications for notification recipients. See  [Configure alert notifications](configure-email-notifications.md) to create, edit, delete, or troubleshoot email notification, for details.
 
 ## View the targeted attack notification  
 You'll start receiving targeted attack notification from Microsoft Threat Experts in your email after you have configured your system to receive email notification.  
@@ -68,7 +65,7 @@ You'll start receiving targeted attack notification from Microsoft Threat Expert
 
 ## Ask a Microsoft threat expert about suspicious cybersecurity activities in your organization 
 >[!NOTE]
->The Microsoft Threat Experts' experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. 
+>The Microsoft Threat Experts' experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved.
 
 You can partner with Microsoft Threat Experts who can be engaged directly from within the Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, a potentially compromised machine, or a threat intelligence context that you see on your portal dashboard. 
 
@@ -85,13 +82,13 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
 
     **Step 2: Open a support ticket**    
     >[!NOTE]
-    >To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a Premier customer service and support account.  However, you will not be charged for the Experts-on-demand service during the preview.
+    >To experience the full Microsoft Threat Experts preview capability in Microsoft Defender ATP, you need to have a Premier customer service and support account.  However, you will not be charged for the Experts-on-demand service during the preview.
  
     a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**: <br>
 
     **Select the product family**: **Security**<br>
     **Select a product**: **Microsoft Threat Experts**<br>
-    **Select a category that best describes the issue**: **Windows Defender ATP**<br>
+    **Select a category that best describes the issue**: **Microsoft Defender ATP**<br>
     **Select a problem that best describes the issue**: Choose according to your inquiry category<br>  
        
     b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**.  <br>
@@ -105,10 +102,11 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
     f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number. <br>
 
 ## Sample questions to ask Microsoft Threat Experts
+
 **Alert information**
 - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
 - We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
-- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Windows Defender see these attempts? What type of sign-ins are being monitored?
+- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
 - Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. 
 
 **Possible machine compromise**
@@ -117,7 +115,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
 
 **Threat intelligence details**
 - This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you please send me a link?
-- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Windows Defender ATP provides against this threat actor? 
+- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
 
 **Microsoft Threat Experts’ alert communications** 
 - Can your incident response team help us address the targeted attack notification that we got?
@@ -137,4 +135,3 @@ Response from Microsoft Threat Experts varies according to your inquiry. They wi
 - Initial information was enough to conclude the investigation 
 
 It is crucial to respond in a timely manner to keep the investigation moving. See the Premier customer service and support service level agreement for details.  
-
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
index 738c8f0548..a5a9380158 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
@@ -1,6 +1,6 @@
 ---
 title: Configure managed security service provider support
-description: Take the necessary steps to configure the MSSP integration with Windows Defender ATP 
+description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP 
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -21,9 +21,9 @@ ms.date: 09/03/2018
 # Configure managed security service provider integration
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -35,19 +35,19 @@ You'll need to take the following configuration steps to enable the managed secu
 > - MSSP customers: Organizations that engage the services of MSSPs.
 
 The integration will allow MSSPs to take the following actions:
-- Get access to MSSP customer's Windows Defender Security Center portal
+- Get access to MSSP customer's Microsoft Defender Security Center portal
 - Get email notifications, and 
 - Fetch alerts through security information and event management (SIEM) tools
 
-Before MSSPs can take these actions, the MSSP customer will need to grant access to their Windows Defender ATP tenant so that the MSSP can access the portal. 
+Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal. 
 
 Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP.
 
 
 In general, the following configuration steps need to be taken:
 
-- **Grant the MSSP access to Windows Defender Security Center** <br>
-This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Windows Defender ATP tenant.
+- **Grant the MSSP access to Microsoft Defender Security Center** <br>
+This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant.
 
 - **Configure alert notifications sent to MSSPs** <br>
 This action can be taken by either the MSSP customer or MSSP. This lets the MSSPs know what alerts they need to address for the MSSP customer.
@@ -65,27 +65,27 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs.
 > These set of steps are directed towards the MSSP customer. <br>
 > Access to the portal can only be done by the MSSP customer.
 
-As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center. 
+As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Microsoft Defender Security Center. 
 
 Authentication and authorization of the MSSP user is built on top of Azure Active Directory (Azure AD) B2B functionality. 
 
 You'll need to take the following 2 steps:
 - Add MSSP user to your tenant as a guest user
-- Grant MSSP user access to Windows Defender Security Center
+- Grant MSSP user access to Microsoft Defender Security Center
 
 ### Add MSSP user to your tenant as a guest user
 Add a user who is a member of the MSSP tenant to your tenant as a guest user.
 
 To grant portal access to the MSSP, you must add the MSSP user to your Azure AD as a guest user. For more information, see [Add Azure Active Directory B2B collaboration users in the Azure portal](https://docs.microsoft.com/azure/active-directory/b2b/add-users-administrator).
 
-### Grant MSSP user access to Windows Defender Security Center
-Grant the guest user access and permissions to your Windows Defender Security Center tenant.
+### Grant MSSP user access to Microsoft Defender Security Center
+Grant the guest user access and permissions to your Microsoft Defender Security Center tenant.
 
 Granting access to guest user is done the same way as granting access to a user who is a member of your tenant. 
 
-If you're using basic permissions to access the portal, the guest user must be assigned a Security Administrator role in **your** tenant. For more information, see [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md).
+If you're using basic permissions to access the portal, the guest user must be assigned a Security Administrator role in **your** tenant. For more information, see [Use basic permissions to access the portal](basic-permissions.md).
 
-If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Windows Defender ATP, see [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md).
+If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Microsoft Defender ATP, see [Manage portal access using RBAC](rbac.md).
 
 >[!NOTE]
 >There is no difference between the Member user and Guest user roles from RBAC perspective.
@@ -94,12 +94,12 @@ It is recommended that groups are created for MSSPs to make authorization access
 
 As a MSSP customer, you can always remove or modify the permissions granted to the MSSP by updating the Azure AD user groups. 
 
-##  Access the Windows Defender Security Center MSSP customer portal
+##  Access the Microsoft Defender Security Center MSSP customer portal
 
 >[!NOTE] 
 >These set of steps are directed towards the MSSP. 
 
-By default, MSSP customers access their Windows Defender Security Center tenant through the following URL: `https://securitycenter.windows.com`.
+By default, MSSP customers access their Microsoft Defender Security Center tenant through the following URL: `https://securitycenter.windows.com`.
 
 MSSPs however, will need to use a tenant-specific URL in the following format:  `https://securitycenter.windows.com?tid=customer_tenant_id` to access the MSSP customer portal. 
 
@@ -123,7 +123,7 @@ Use the following steps to obtain the MSSP customer tenant ID and then use the I
 
 After access the portal is granted, alert notification rules can to be created so that emails are sent to MSSPs when alerts associated with the tenant are created and set conditions are met.
 
-For more information, see [Create rules for alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md#create-rules-for-alert-notifications).
+For more information, see [Create rules for alert notifications](configure-email-notifications.md#create-rules-for-alert-notifications).
 
 These check boxes must be checked:
    - **Include organization name** - The customer name will be added to email notifications
@@ -142,12 +142,12 @@ Step 1: Create a third-party application
 
 Step 2: Get access and refresh tokens from your customer's tenant
 
-Step 3: Whitelist your application on Windows Defender Security Center
+Step 3: Whitelist your application on Microsoft Defender Security Center
 
 
 
 ### Step 1: Create an application in Azure Active Directory (Azure AD)
-You'll need to create an application and grant it permissions to fetch alerts from your customer's Windows Defender ATP tenant.
+You'll need to create an application and grant it permissions to fetch alerts from your customer's Microsoft Defender ATP tenant.
 
 1. Sign in to the [Azure AD portal](https://aad.portal.azure.com/).
 
@@ -257,8 +257,8 @@ After providing your credentials, you'll need to grant consent to the applicatio
 
 8. In the PowerShell window, you'll receive an access token and a refresh token. Save the refresh token to configure your SIEM connector. 
 
-### Step 3: Whitelist your application on Windows Defender Security Center
-You'll need to whitelist the application you created in Windows Defender Security Center.
+### Step 3: Whitelist your application on Microsoft Defender Security Center
+You'll need to whitelist the application you created in Microsoft Defender Security Center.
 
 You'll need to have **Manage portal system settings** permission to whitelist the application. Otherwise, you'll need to request your customer to whitelist the application for you.
 
@@ -272,17 +272,17 @@ You'll need to have **Manage portal system settings** permission to whitelist th
 
 5. Click **Authorize application**. 
 
-You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md).
+You can now download the relevant configuration file for your SIEM and connect to the Microsoft Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md).
 
 - In the ArcSight configuration file / Splunk Authentication Properties file – you will have to write your application key manually by settings the secret value.
 - Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
 
 ## Fetch alerts from MSSP customer's tenant using APIs
-For information on how to fetch alerts using REST API, see [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md).
+For information on how to fetch alerts using REST API, see [Pull alerts using REST API](pull-alerts-using-rest-api.md).
 
 ## Related topics
-- [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
-- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) 
-- [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
-- [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Use basic permissions to access the portal](basic-permissions.md)
+- [Manage portal access using RBAC](rbac.md) 
+- [Pull alerts to your SIEM tools](configure-siem.md)
+- [Pull alerts using REST API](pull-alerts-using-rest-api.md)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
similarity index 66%
rename from windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 595b8af148..6e843641a1 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -1,6 +1,6 @@
 ---
 title: Configure machine proxy and Internet connection settings
-description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
+description: Configure the Microsoft Defender ATP proxy and internet settings to enable communication with the cloud service.
 keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -21,15 +21,15 @@ ms.topic: article
 # Configure machine proxy and Internet connectivity settings
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
 
-The Windows Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
+The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
 
-The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service.
+The embedded Microsoft Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Microsoft Defender ATP cloud service.
 
 The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
 
@@ -38,7 +38,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
     - Web Proxy Auto-discovery Protocol (WPAD)
 
 > [!NOTE]
-> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Windows Defender ATP URL exclusions in the proxy, see [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
+> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
 
 
  - Manual static proxy configuration:
@@ -46,7 +46,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
     - WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
 
 ## Configure the proxy server manually using a registry-based static proxy
-Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report diagnostic data and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
+Configure a registry-based static proxy to allow only Microsoft Defender ATP sensor to report diagnostic data and communicate with Microsoft Defender ATP services if a computer is not be permitted to connect to the Internet.
 
 The static proxy is configurable through Group Policy (GP). The group policy can be found under: 
 - Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service
@@ -87,8 +87,14 @@ netsh winhttp set proxy <proxy>:<port>
 ```
 For example: netsh winhttp set proxy 10.0.0.6:8080
 
-## Enable access to Windows Defender ATP service URLs in the proxy server
-If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are not blocked by default. Do not disable security monitoring or inspection of these URLs, but allow them as you would other internet traffic. They permit communication with Windows Defender ATP service in port 80 and 443:
+To reset the winhttp proxy, enter the following command and press **Enter**
+```
+netsh winhttp reset proxy
+```
+See [Netsh Command Syntax, Contexts, and Formatting](https://docs.microsoft.com/windows-server/networking/technologies/netsh/netsh-contexts) to learn more.
+
+## Enable access to Microsoft Defender ATP service URLs in the proxy server
+If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are not blocked by default. Do not disable security monitoring or inspection of these URLs, but allow them as you would other internet traffic. They permit communication with Microsoft Defender ATP service in port 80 and 443:
 
 >[!NOTE]
 > URLs that include v20 in them are only needed if you have Windows 10, version 1803 or later machines. For example, ```us-v20.events.data.microsoft.com``` is only needed if the machine is on Windows 10, version 1803 or later. 
@@ -102,12 +108,12 @@ United States | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data
 
 
 
-If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
+If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
 
-## Windows Defender ATP service backend IP range 
+## Microsoft Defender ATP service backend IP range 
 If you network devices don't support the URLs white-listed in the prior section, you can use the following information.
 
-Windows Defender ATP is built on Azure cloud, deployed in the following regions:
+Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:
 
 - \+\<Region Name="uswestcentral">
 - \+\<Region Name="useast2">
@@ -124,11 +130,11 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
 > As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
 
 
-## Verify client connectivity to Windows Defender ATP service URLs
+## Verify client connectivity to Microsoft Defender ATP service URLs
 
-Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
+Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
 
-1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Windows Defender ATP sensor is running on.
+1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Microsoft Defender ATP sensor is running on.
 
 2.  Extract the contents of WDATPConnectivityAnalyzer on the machine.
 
@@ -151,7 +157,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
 5. Extract the *WDATPConnectivityAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*.
 
 6. Open *WDATPConnectivityAnalyzer.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs. <br><br>
-The tool checks the connectivity of Windows Defender ATP service URLs that Windows Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Windows Defender ATP  services. For example:
+The tool checks the connectivity of Microsoft Defender ATP service URLs that Microsoft Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Microsoft Defender ATP  services. For example:
   ```text
   Testing URL : https://xxx.microsoft.com/xxx
   1 - Default proxy: Succeeded (200)
@@ -161,13 +167,13 @@ The tool checks the connectivity of Windows Defender ATP service URLs that Windo
   5 - Command line proxy: Doesn't exist              
   ```
 
-If at least one of the connectivity options returns a (200) status, then the Windows Defender ATP client can communicate with the tested URL properly using this connectivity method. <br><br>
+If at least one of the connectivity options returns a (200) status, then the Microsoft Defender ATP client can communicate with the tested URL properly using this connectivity method. <br><br>
 
-However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
+However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
 
 > [!NOTE]
-> When the TelemetryProxyServer is set, in Registry or via Group Policy, Windows Defender ATP will fall back to direct if it can't access the defined proxy.
+> When the TelemetryProxyServer is set, in Registry or via Group Policy, Microsoft Defender ATP will fall back to direct if it can't access the defined proxy.
 
 ## Related topics
-- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
similarity index 62%
rename from windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 03df5ce551..442d8833a2 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -1,238 +1,239 @@
----
-title: Onboard servers to the Windows Defender ATP service
-description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
-keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# Onboard servers to the Windows Defender ATP service
-
-**Applies to:**
-
-- Windows Server 2012 R2
-- Windows Server 2016
-- Windows Server, version 1803
-- Windows Server, 2019
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](prerelease.md)]
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
-
-
-Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
-
-The service supports the onboarding of the following servers:
-- Windows Server 2012 R2
-- Windows Server 2016
-- Windows Server, version 1803
-- Windows Server 2019
-
-
-For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Windows Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
-
-## Windows Server 2012 R2 and Windows Server 2016
-
-There are two options to onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP:
-
-- **Option 1**: Onboard through Azure Security Center
-- **Option 2**: Onboard through Windows Defender Security Center
-
-### Option 1: Onboard servers through Azure Security Center
-1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
-
-2. Select Windows Server 2012 R2 and 2016 as the operating system.
-
-3. Click **Onboard Servers in Azure Security Center**. 
-
-4. Follow the onboarding instructions in [Windows Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
-
-### Option 2: Onboard servers through Windows Defender Security Center
-You'll need to tak the following steps if you choose to onboard servers through Windows Defender Security Center. 
-
-- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
-
-    >[!NOTE]
-    >This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
-
-- Turn on server monitoring from Windows Defender Security Center.
-- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through Multi Homing support. Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).

-
->[!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
-
-### Configure and update System Center Endpoint Protection clients
->[!IMPORTANT]
->This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
-
-Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
-
-The following steps are required to enable this integration: 
-- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) 
-- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
-
-
-### Turn on Server monitoring from the Windows Defender Security Center portal
-
-1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
-
-2. Select Windows Server 2012 R2 and 2016 as the operating system.
- 
-3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
-
-<span id="server-mma"/>
-### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 
-
-1.	Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
-
-2.	Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the server:
-    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup) <br>
-    On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
-    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script). 
-
-3.	You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings).
-
-Once completed, you should see onboarded servers in the portal within an hour.
-
-<span id="server-proxy"/>
-### Configure server proxy and Internet connectivity settings
- 
-- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
-- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
-
-Agent Resource    |    Ports 
-:---|:---
-|    *.oms.opinsights.azure.com    |    443    |
-|    *.blob.core.windows.net    |    443    |
-|    *.azure-automation.net    |    443    |
-|    *.ods.opinsights.azure.com    |    443    |
-|    winatp-gw-cus.microsoft.com     |    443    |
-|    winatp-gw-eus.microsoft.com    |    443    |
-|    winatp-gw-neu.microsoft.com    |    443    |
-|    winatp-gw-weu.microsoft.com    |    443    |
-|winatp-gw-uks.microsoft.com | 443 |
-|winatp-gw-ukw.microsoft.com | 443 | 
-| winatp-gw-aus.microsoft.com | 443| 
-| winatp-gw-aue.microsoft.com |443 | 
-
-## Windows Server, version 1803 and Windows Server 2019
-To onboard Windows Server, version 1803 or Windows Server 2019, use the same method used when onboarding Windows 10 machines.
-
-Supported tools include:
-- Local script
-- Group Policy 
-- System Center Configuration Manager 2012 / 2012 R2  1511 / 1602
-- VDI onboarding scripts for non-persistent machines
-
- For more information, see  [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 and Windows 2019 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. 
-
-1. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). 
-
-2.	If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
-
-    a. Set the following registry entry:
-       - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
-       - Name: ForceDefenderPassiveMode
-       - Value: 1
-
-    b. Run the following PowerShell command to verify that the passive mode was configured:
-
-       ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
-
-    c. Confirm  that a recent event containing the passive mode event is found:
-       
-       ![Image of passive mode verification result](images/atp-verify-passive-mode.png)
-
-3. Run the following command to check if Windows Defender AV is installed:
-
-   ```sc query Windefend```
-
-    If the result is �The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
-
-
-## Integration with Azure Security Center
-Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
-
->[!NOTE]
->You'll need to have the appropriate license to enable this feature. 
-
-The following capabilities are included in this integration:
-- Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
-
-    >[!NOTE]
-    > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
-
-- Servers monitored by  Azure Security Center will also be available in Windows Defender ATP - Azure Security Center seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers.  In addition, Windows Defender ATP alerts will be available in the Azure Security Center console.
-- Server investigation -  Azure Security Center customers can access Windows Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
-
->[!IMPORTANT]
->- When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created. The Windows Defender ATP data is stored in Europe by default. 
->- If you use Windows Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
-
-
-
-## Offboard servers 
-You can offboard Windows Server, version 1803 and Windows 2019 in the same method available for Windows 10 client machines. 
-
-For other server versions, you have two options to offboard servers from the service:
-- Uninstall the MMA agent
-- Remove the Windows Defender ATP workspace configuration
-
->[!NOTE]
->Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
-
-### Uninstall servers by uinstalling the MMA agent
-To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
-For more information, see [To disable an agent](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
-
-### Remove the Windows Defender ATP workspace configuration
-To offboard the server, you can use either of the following methods:
-
-- Remove the Windows Defender ATP workspace configuration from the MMA agent 
-- Run a PowerShell command to remove the configuration
-
-#### Remove the Windows Defender ATP workspace configuration from the MMA agent 
-
-1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab.
-
-2. Select the Windows Defender ATP workspace, and click **Remove**.
-
-    ![Image of Microsoft Monitoring Agen Properties](images/atp-mma.png)
-
-#### Run a PowerShell command to remove the configuration
-
-1. Get your Workspace ID:
-   a. In the navigation pane, select **Settings** > **Onboarding**.
-
-   b. Select **Windows Server 2012 R2 and 2016** as the operating system and get your Workspace ID:
-    
-        ![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)
-
-2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
-
-    ```
-    # Load agent scripting object
-    $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
-    # Remove OMS Workspace
-    $AgentCfg.RemoveCloudWorkspace($WorkspaceID)
-    # Reload the configuration and apply changes
-    $AgentCfg.ReloadConfiguration()
-    ```
-
-## Related topics
-- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
-- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+---
+title: Onboard servers to the Microsoft Defender ATP service
+description: Onboard servers so that they can send sensor data to the Microsoft Defender ATP sensor.
+keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Onboard servers to the Microsoft Defender ATP service
+
+**Applies to:**
+
+- Windows Server 2012 R2
+- Windows Server 2016
+- Windows Server, version 1803
+- Windows Server, 2019
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
+
+
+Microsoft Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Microsoft Defender Security Center console.
+
+The service supports the onboarding of the following servers:
+- Windows Server 2012 R2
+- Windows Server 2016
+- Windows Server, version 1803
+- Windows Server 2019
+
+
+For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
+
+## Windows Server 2012 R2 and Windows Server 2016
+
+There are two options to onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP:
+
+- **Option 1**: Onboard through Azure Security Center
+- **Option 2**: Onboard through Microsoft Defender Security Center
+
+### Option 1: Onboard servers through Azure Security Center
+1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+
+2. Select Windows Server 2012 R2 and 2016 as the operating system.
+
+3. Click **Onboard Servers in Azure Security Center**. 
+
+4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
+
+### Option 2: Onboard servers through Microsoft Defender Security Center
+You'll need to tak the following steps if you choose to onboard servers through Microsoft Defender Security Center. 
+
+- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
+
+    >[!NOTE]
+    >This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
+
+- Turn on server monitoring from Microsoft Defender Security Center.
+- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multi Homing support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
+
+
+>[!TIP]
+> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+
+### Configure and update System Center Endpoint Protection clients
+>[!IMPORTANT]
+>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
+
+Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
+
+The following steps are required to enable this integration: 
+- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) 
+- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
+
+
+### Turn on Server monitoring from the Microsoft Defender Security Center portal
+
+1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+
+2. Select Windows Server 2012 R2 and 2016 as the operating system.
+ 
+3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
+
+<span id="server-mma"/>
+### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP 
+
+1.	Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
+
+2.	Using the Workspace ID and Workspace key provided in the previous procedure, choose any of the following installation methods to install the agent on the server:
+    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup) <br>
+    On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
+    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script). 
+
+3.	You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings).
+
+Once completed, you should see onboarded servers in the portal within an hour.
+
+<span id="server-proxy"/>
+### Configure server proxy and Internet connectivity settings
+ 
+- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
+- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Microsoft Defender ATP service:
+
+Agent Resource    |    Ports 
+:---|:---
+|    *.oms.opinsights.azure.com    |    443    |
+|    *.blob.core.windows.net    |    443    |
+|    *.azure-automation.net    |    443    |
+|    *.ods.opinsights.azure.com    |    443    |
+|    winatp-gw-cus.microsoft.com     |    443    |
+|    winatp-gw-eus.microsoft.com    |    443    |
+|    winatp-gw-neu.microsoft.com    |    443    |
+|    winatp-gw-weu.microsoft.com    |    443    |
+|winatp-gw-uks.microsoft.com | 443 |
+|winatp-gw-ukw.microsoft.com | 443 | 
+| winatp-gw-aus.microsoft.com | 443| 
+| winatp-gw-aue.microsoft.com |443 | 
+
+## Windows Server, version 1803 and Windows Server 2019
+To onboard Windows Server, version 1803 or Windows Server 2019, use the same method used when onboarding Windows 10 machines.
+
+Supported tools include:
+- Local script
+- Group Policy 
+- System Center Configuration Manager 2012 / 2012 R2  1511 / 1602
+- VDI onboarding scripts for non-persistent machines
+
+ For more information, see  [Onboard Windows 10 machines](configure-endpoints.md). Support for Windows Server, version 1803 and Windows 2019 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. 
+
+1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints.md). 
+
+2.	If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
+
+    a. Set the following registry entry:
+       - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
+       - Name: ForceDefenderPassiveMode
+       - Value: 1
+
+    b. Run the following PowerShell command to verify that the passive mode was configured:
+
+       ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
+
+    c. Confirm  that a recent event containing the passive mode event is found:
+       
+       ![Image of passive mode verification result](images/atp-verify-passive-mode.png)
+
+3. Run the following command to check if Windows Defender AV is installed:
+
+   ```sc query Windefend```
+
+    If the result is �The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
+
+
+## Integration with Azure Security Center
+Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
+
+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature. 
+
+The following capabilities are included in this integration:
+- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
+
+    >[!NOTE]
+    > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
+
+- Servers monitored by  Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers.  In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
+- Server investigation -  Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
+
+>[!IMPORTANT]
+>- When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default. 
+>- If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
+
+
+
+## Offboard servers 
+You can offboard Windows Server, version 1803 and Windows 2019 in the same method available for Windows 10 client machines. 
+
+For other server versions, you have two options to offboard servers from the service:
+- Uninstall the MMA agent
+- Remove the Microsoft Defender ATP workspace configuration
+
+>[!NOTE]
+>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
+
+### Uninstall servers by uinstalling the MMA agent
+To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Microsoft Defender ATP.
+For more information, see [To disable an agent](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
+
+### Remove the Microsoft Defender ATP workspace configuration
+To offboard the server, you can use either of the following methods:
+
+- Remove the Microsoft Defender ATP workspace configuration from the MMA agent 
+- Run a PowerShell command to remove the configuration
+
+#### Remove the Microsoft Defender ATP workspace configuration from the MMA agent 
+
+1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab.
+
+2. Select the Microsoft Defender ATP workspace, and click **Remove**.
+
+    ![Image of Microsoft Monitoring Agen Properties](images/atp-mma.png)
+
+#### Run a PowerShell command to remove the configuration
+
+1. Get your Workspace ID:
+   a. In the navigation pane, select **Settings** > **Onboarding**.
+
+   b. Select **Windows Server 2012 R2 and 2016** as the operating system and get your Workspace ID:
+    
+      ![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)
+
+2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
+
+    ```
+    # Load agent scripting object
+    $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
+    # Remove OMS Workspace
+    $AgentCfg.RemoveCloudWorkspace($WorkspaceID)
+    # Reload the configuration and apply changes
+    $AgentCfg.ReloadConfiguration()
+    ```
+
+## Related topics
+- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Onboard non-Windows machines](configure-endpoints-non-windows.md)
+- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
+- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
new file mode 100644
index 0000000000..c5e8719018
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@@ -0,0 +1,63 @@
+---
+title: Pull alerts to your SIEM tools from Microsoft Defender Advanced Threat Protection
+description: Learn how to use REST API and configure supported security information and events management tools to receive and pull alerts.
+keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+ms.date: 10/16/2017
+---
+
+# Pull alerts to your SIEM tools
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+
+## Pull alerts using security information and events management (SIEM) tools
+Microsoft Defender ATP supports (SIEM) tools to pull alerts. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
+
+
+Microsoft Defender ATP currently supports the following SIEM tools:
+
+- Splunk
+- HP ArcSight
+
+To use either of these supported SIEM tools you'll need to:
+
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- Configure the supported SIEM tool:
+    - [Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)
+    - [Configure HP ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)
+
+For more information on the list of fields exposed in the alerts API see, [Microsoft Defender ATP alert API fields](api-portal-mapping.md).
+
+
+## Pull Microsoft Defender ATP alerts using REST API
+Microsoft Defender ATP supports the OAuth 2.0 protocol to pull alerts using REST API.
+
+For more information, see [Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md).
+
+
+## In this section
+
+Topic | Description
+:---|:---
+[Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
+[Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Microsoft Defender ATP alerts.
+[Configure HP ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Microsoft Defender ATP alerts.
+[Microsoft Defender ATP alert API fields](api-portal-mapping.md) | Understand what data fields are exposed as part of the alerts API and how they map to Microsoft Defender Security Center.
+[Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Microsoft Defender ATP using REST API.
+[Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) | Address issues you might encounter when using the SIEM integration feature.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
index baf0a25a95..6e5283c7f0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md
@@ -1,6 +1,6 @@
 ---
-title: Configure Splunk to pull Windows Defender ATP alerts
-description: Configure Splunk to receive and pull alerts from Windows Defender Security Center.
+title: Configure Splunk to pull Microsoft Defender ATP alerts
+description: Configure Splunk to receive and pull alerts from Microsoft Defender Security Center.
 keywords: configure splunk, security information and events management tools, splunk
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,23 +18,23 @@ ms.topic: article
 ms.date: 10/16/2017
 ---
 
-# Configure Splunk to pull Windows Defender ATP alerts
+# Configure Splunk to pull Microsoft Defender ATP alerts
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink) 
 
-You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
+You'll need to configure Splunk so that it can pull Microsoft Defender ATP alerts.
 
 ## Before you begin
 
 - Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk.
-- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
 
 - Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
   - OAuth 2 Token refresh URL
@@ -107,7 +107,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
   </tr>
   <tr>
   <td>Polling Interval</td>
-  <td>Number of seconds that Splunk will ping the Windows Defender ATP machine. Accepted values are in seconds.</td>
+  <td>Number of seconds that Splunk will ping the Microsoft Defender ATP machine. Accepted values are in seconds.</td>
   </tr>
   <tr>
   <td>Set sourcetype</td>
@@ -146,8 +146,8 @@ Use the solution explorer to view alerts in Splunk.
 >```source="rest://windows atp alerts" | spath | dedup _raw | table *``` 
 
 ## Related topics
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Configure ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)
+- [Microsoft Defender ATP alert API fields](api-portal-mapping.md)
+- [Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
index e6a5f47f96..c100b9ddf2 100644
--- a/windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@@ -14,18 +14,19 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-
 ---
 
-# Create alert from event API 
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+# Create alert from event API
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,10 +35,11 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
+
 ```
 POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
 ```
@@ -50,6 +52,7 @@ Authorization | String | Bearer {token}. **Required**.
 Content-Type | String | application/json. **Required**.
 
 ## Request body
+
 In the request body, supply the following values (all are required):
 
 Property | Type | Description
@@ -63,10 +66,9 @@ eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced
 reportId | String | The reportId, as obtained from the advanced query. **Required**.
 category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and	'General'.
 
-
 ## Response
-If successful, this method returns 200 OK, and a new [alert](alerts-windows-defender-advanced-threat-protection-new.md) object in the response body. If event with the specified properties (_reportId_, _eventTime_ and _machineId_) was not found - 404 Not Found.
 
+If successful, this method returns 200 OK, and a new [alert](alerts.md) object in the response body. If event with the specified properties (_reportId_, _eventTime_ and _machineId_) was not found - 404 Not Found.
 
 ## Example
 
@@ -74,7 +76,7 @@ If successful, this method returns 200 OK, and a new [alert](alerts-windows-defe
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
@@ -89,5 +91,5 @@ Content-Length: application/json
   "eventTime": "2018-08-03T16:45:21.7115183Z",
   "reportId": "20776",
   "category": "None"
-} 
+}
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
rename to windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 4998ae8a80..bb24ba24f8 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -1,5 +1,5 @@
 ---
-title: Create custom detection rules in Windows Defender ATP
+title: Create custom detection rules in Microsoft Defender ATP
 description: Learn how to create custom detections rules based on advanced hunting queries
 keywords: create custom detections, detections, advanced hunting, hunt, detect, query
 search.product: eADQiWindows 10XVcnh
@@ -20,7 +20,7 @@ ms.topic: article
 
 # Create custom detections rules
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 1.	In the navigation pane, select **Advanced hunting**.
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
index bc9982d2ae..d8c343030c 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
@@ -1,6 +1,6 @@
 ---
 title: Create custom alerts using the threat intelligence API
-description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
+description: Create your custom alert definitions and indicators of compromise in Microsoft Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
 keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -15,24 +15,22 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 04/24/2018
 ---
 
-# Create custom alerts using the threat intelligence (TI) application program interface (API)
+# Create custom alerts using the threat intelligence (TI) application program interface (API) (Deprecated)
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) 
 
 You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization.
 
 ## Before you begin
-Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
+Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti.md).
 
 ### Use the threat intelligence REST API to create custom threat intelligence alerts
 You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource:
@@ -61,7 +59,7 @@ For this URL:
 Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage).
 
 ## Request an access token from the token issuing endpoint
-Windows Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Windows Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Settings** page and click the **Generate Token** button. However, if you’d like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
+Microsoft Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Microsoft Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Settings** page and click the **Generate Token** button. However, if you’d like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
 
 For more information about the authorization flow, see [OAuth 2.0 authorization flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-protocols-oauth-code#oauth-20-authorization-flow).
 
@@ -71,7 +69,7 @@ Make an HTTP POST request to the token issuing endpoint with the following param
 > The authorization server URL is `https://login.windows.net/<AADTenantID>/oauth2/token`. Replace `<AADTenantID>` with your Azure Active Directory tenant ID.
 
 >[!NOTE]
-> The `<ClientId>`, `<ClientSecret>`, and the `<AuthorizationServerUrl>` are all provided to you when enabling the custom threat intelligence application. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
+> The `<ClientId>`, `<ClientSecret>`, and the `<AuthorizationServerUrl>` are all provided to you when enabling the custom threat intelligence application. For more information, see [Enable the custom threat intelligence application](enable-custom-ti.md).
 
 
 ```
@@ -137,7 +135,7 @@ Content-Type: application/json;
 }
 ```
 
-The following values correspond to the alert sections surfaced on Windows Defender Security Center:
+The following values correspond to the alert sections surfaced on Microsoft Defender Security Center:
 ![Image of alert from the portal](images/atp-custom-ti-mapping.png)
 
 Highlighted section | JSON key name
@@ -387,8 +385,8 @@ Upon a successful request the response will be HTTP 204.
 > As with all OData actions, this action is sending an HTTP POST request not DELETE.
 
 
-## Windows Defender ATP optional query parameters
-The Windows Defender ATP threat intelligence API  provides several optional query parameters that you can use to specify and control the amount of data returned in a response. The threat intelligence API supports the following query options:
+## Microsoft Defender ATP optional query parameters
+The Microsoft Defender ATP threat intelligence API  provides several optional query parameters that you can use to specify and control the amount of data returned in a response. The threat intelligence API supports the following query options:
 
 Name | Value | Description
 :---|:---|:--
@@ -405,14 +403,14 @@ These parameters are compatible with the [OData V4 query language](http://docs.o
 
 ## Code examples
 The following articles provide detailed code examples that demonstrate how to use the custom threat intelligence API in several programming languages:
-- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
+- [PowerShell code examples](powershell-example-code.md)
+- [Python code examples](python-example-code.md)
 
 
 ## Related topics
-- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
-- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Understand threat intelligence concepts](threat-indicator-concepts.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
+- [Python code examples for the custom threat intelligence API](python-example-code.md)
+- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
+- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
new file mode 100644
index 0000000000..eac5c12814
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
@@ -0,0 +1,48 @@
+---
+title: Update data retention settings for Microsoft Defender Advanced Threat Protection
+description: Update data retention settings by selecting between 30 days to 180 days.
+keywords: data, storage, settings, retention, update
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+ms.date: 04/24/2018
+---
+# Update data retention settings for Microsoft Defender ATP 
+
+**Applies to:**
+
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
+
+During the onboarding process, a wizard takes you through the general settings of Microsoft Defender ATP. After onboarding, you might want to update the data retention settings.
+
+1. In the navigation pane, select **Settings** > **Data rention**.
+
+2. Select the data retention duration from the drop-down list.
+
+    > [!NOTE]
+    > Other settings are not editable.
+
+3. Click **Save preferences**.
+
+
+## Related topics
+- [Update data retention settings](data-retention-settings.md)
+- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
+- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
+- [Enable Secure Score security controls](enable-secure-score.md)
+- [Configure advanced features](advanced-features.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
similarity index 70%
rename from windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
index 8967eb0a92..a5e5371afb 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Defender ATP data storage and privacy
-description: Learn about how Windows Defender ATP handles privacy and data that it collects.
-keywords: Windows Defender ATP data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
+title: Microsoft Defender ATP data storage and privacy
+description: Learn about how Microsoft Defender ATP handles privacy and data that it collects.
+keywords: Microsoft Defender ATP data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -17,26 +17,26 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Windows Defender ATP data storage and privacy
+# Microsoft Defender ATP data storage and privacy
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 
 
 
-This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP.
+This section covers some of the most frequently asked questions regarding privacy and data handling for Microsoft Defender ATP.
 > [!NOTE]
-> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
+> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Windows Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
 
-## What data does Windows Defender ATP collect?
+## What data does Microsoft Defender ATP collect?
 
-Windows Defender ATP will collect and store information from your configured machines in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. 
+Microsoft Defender ATP will collect and store information from your configured machines in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. 
 
 Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version).
 
 Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
 
-This data enables Windows Defender ATP to:
+This data enables Microsoft Defender ATP to:
 - Proactively identify indicators of attack (IOAs) in your organization
 - Generate alerts if a possible attack was detected
 - Provide your security operations with a view into machines, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network.
@@ -44,10 +44,10 @@ This data enables Windows Defender ATP to:
 Microsoft does not use your data for advertising.
 
 ## Data protection and encryption
-The Windows Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
+The Microsoft Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
 
 
-There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Windows Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). 
+There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Microsoft Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). 
 
 In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum.
 
@@ -84,12 +84,12 @@ Your data will be kept and will be available to you while the licence is under g
 
 
 ## Can Microsoft help us maintain regulatory compliance?
-Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP is ISO 27001 certified and has a roadmap for obtaining national, regional and industry-specific certifications.
+Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Microsoft Defender ATP services against their own legal and regulatory requirements. Microsoft Defender ATP is ISO 27001 certified and has a roadmap for obtaining national, regional and industry-specific certifications.
 
-Windows Defender ATP for Government (soon to be in preview) is currently undergoing audit for achieving FedRAMP High accreditation as well as Provisional Authorization (PA) at Impact Levels 4 and 5. 
+Microsoft Defender ATP for Government (soon to be in preview) is currently undergoing audit for achieving FedRAMP High accreditation as well as Provisional Authorization (PA) at Impact Levels 4 and 5. 
 
 By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run.
 
-For more information on the Windows Defender ATP ISO certification reports, see [Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001). 
+For more information on the Microsoft Defender ATP ISO certification reports, see [Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001). 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-datastorage-belowfoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-datastorage-belowfoldlink) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
new file mode 100644
index 0000000000..4d9d0fa3ce
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
@@ -0,0 +1,46 @@
+---
+title: Windows Defender Antivirus compatibility with Microsoft Defender ATP
+description: Learn about how Windows Defender works with Microsoft Defender ATP and how it functions when a third-party antimalware client is used.  
+keywords: windows defender compatibility, defender, windows defender atp
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+ms.date: 04/24/2018
+---
+
+# Windows Defender Antivirus compatibility with Microsoft Defender ATP
+
+**Applies to:**
+
+
+- Windows Defender
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
+
+The Microsoft Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
+
+>[!IMPORTANT]
+>Microsoft Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. 
+
+You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+
+If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
+
+Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
+
+The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
+
+For more information, see the [Windows Defender Antivirus and Microsoft Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
index 51f12e0109..63b7f3400b 100644
--- a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@@ -19,7 +19,7 @@ ms.topic: article
 # Delete Indicator API
 
 **Applies to:**  
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 >[!Note]
@@ -42,7 +42,7 @@ Application |	Ti.ReadWrite.All |	'Read and write Indicators'
 Delete https://api.securitycenter.windows.com/api/indicators/{id}
 ```
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ## Request headers
diff --git a/windows/security/threat-protection/windows-defender-atp/deprecate.md b/windows/security/threat-protection/microsoft-defender-atp/deprecate.md
similarity index 53%
rename from windows/security/threat-protection/windows-defender-atp/deprecate.md
rename to windows/security/threat-protection/microsoft-defender-atp/deprecate.md
index fe73a4d416..ac6fe24aed 100644
--- a/windows/security/threat-protection/windows-defender-atp/deprecate.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deprecate.md
@@ -4,4 +4,4 @@ ms.date: 10/17/2018
 >[!WARNING]
 
 
-> This page documents a feature that will soon be deprecated. For the updated and supported version, see [Use the Windows Defender ATP APIs](use-apis.md).
\ No newline at end of file
+> This page documents a feature that will soon be deprecated. For the updated and supported version, see [Use the Microsoft Defender ATP APIs](use-apis.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md
similarity index 62%
rename from windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md
index 49545c0428..3c3803dbe2 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md
@@ -1,6 +1,6 @@
 ---
-title: Enable the custom threat intelligence API in Windows Defender ATP
-description: Learn how to setup the custom threat intelligence application in Windows Defender ATP to create custom threat intelligence (TI).
+title: Enable the custom threat intelligence API in Microsoft Defender ATP
+description: Learn how to setup the custom threat intelligence application in Microsoft Defender ATP to create custom threat intelligence (TI).
 keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -15,21 +15,21 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 04/24/2018
 ---
 
-# Enable the custom threat intelligence API in Windows Defender ATP
+# Enable the custom threat intelligence API in Microsoft Defender ATP (Deprecated)
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+>[!TIP]
+>This topic has been deprecated. See [Indicators](ti-indicator.md) for the updated content.
 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) 
-
-Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Windows Defender Security Center.
+Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Microsoft Defender Security Center.
 
 1. In the navigation pane, select **Settings** >  **Threat intel**.
 
@@ -41,16 +41,16 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee
 
   >[!WARNING]
   >The client secret is only displayed once. Make sure you keep a copy of it in a safe place. <br>
-  For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
+  For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti.md#learn-how-to-get-a-new-client-secret).
 
 4. Select **Generate tokens** to get an access and refresh token.
 
 You’ll need to use the access token in the Authorization header when doing REST API calls.
 
 ## Related topics
-- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
-- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Understand threat intelligence concepts](threat-indicator-concepts.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
+- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
+- [Python code examples for the custom threat intelligence API](python-example-code.md)
+- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
+- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
similarity index 58%
rename from windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
index c4590d0678..7d87930ea5 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
@@ -1,5 +1,5 @@
 ---
-title: Enable Secure Score in Windows Defender ATP
+title: Enable Secure Score in Microsoft Defender ATP
 description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard.
 keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard
 search.product: eADQiWindows 10XVcnh
@@ -23,7 +23,7 @@ ms.date: 04/24/2018
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
@@ -39,8 +39,8 @@ Set the baselines for calculating the score of Windows Defender security control
 3. Click **Save preferences**.
 
 ## Related topics
-- [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-- [Update data retention settings for Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
-- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-- [Configure advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard](secure-score-dashboard.md)
+- [Update data retention settings for Microsoft Defender ATP](data-retention-settings.md)
+- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
+- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
+- [Configure advanced features in Microsoft Defender ATP](advanced-features.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
similarity index 61%
rename from windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
index b3d89ea8d0..14f0555964 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
@@ -1,5 +1,5 @@
 ---
-title: Enable SIEM integration in Windows Defender ATP
+title: Enable SIEM integration in Microsoft Defender ATP
 description: Enable SIEM integration to receive alerts in your security information and event management (SIEM) solution.
 keywords: enable siem connector, siem, connector, security information and events
 search.product: eADQiWindows 10XVcnh
@@ -18,15 +18,15 @@ ms.topic: article
 ms.date: 12/10/2018
 ---
 
-# Enable SIEM integration in Windows Defender ATP
+# Enable SIEM integration in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
 
-Enable security information and event management (SIEM) integration so you can pull alerts from Windows Defender Security Center using your SIEM solution or by connecting directly to the alerts REST API.
+Enable security information and event management (SIEM) integration so you can pull alerts from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the alerts REST API.
 
 ## Prerequisites
 - The user who activates the setting must have permissions to create an app in Azure Active Directory (AAD). This is typically someone with a **Global administrator** role.
@@ -44,7 +44,7 @@ Enable security information and event management (SIEM) integration so you can p
 
     > [!WARNING]
     >The client secret is only displayed once. Make sure you keep a copy of it in a safe place.<br>
-     For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
+     For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti.md#learn-how-to-get-a-new-client-secret).
 
     ![Image of SIEM integration from Settings menu](images/siem_details.png)
 
@@ -64,14 +64,14 @@ Enable security information and event management (SIEM) integration so you can p
   > [!NOTE]
   > You'll need to generate a new Refresh token every 90 days. 
 
-You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Windows Defender Security Center.
+You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Microsoft Defender Security Center.
 
-## Integrate Windows Defender ATP with IBM QRadar 
-You can configure IBM QRadar to collect alerts from Windows Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
+## Integrate Microsoft Defender ATP with IBM QRadar 
+You can configure IBM QRadar to collect alerts from Microsoft Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 
 ## Related topics
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)
+- [Configure HP ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)
+- [Microsoft Defender ATP alert API fields](api-portal-mapping.md)
+- [Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
similarity index 65%
rename from windows/security/threat-protection/windows-defender-atp/evaluate-atp.md
rename to windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
index 6dd9971ceb..85aa0f8290 100644
--- a/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@@ -1,5 +1,5 @@
 ---
-title: Evaluate Windows Defender Advanced Threat Protection
+title: Evaluate Microsoft Defender Advanced Threat Protection
 description: 
 keywords: 
 search.product: eADQiWindows 10XVcnh
@@ -18,12 +18,12 @@ ms.topic: conceptual
 ms.date: 08/10/2018
 ---
 
-# Evaluate Windows Defender ATP 
-[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
+# Evaluate Microsoft Defender ATP 
+[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
 
-You can evaluate Windows Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp).
+You can evaluate Microsoft Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp).
 
-You can also evaluate the different security capabilities in Windows Defender ATP by using the following instructions. 
+You can also evaluate the different security capabilities in Microsoft Defender ATP by using the following instructions. 
 
 ## Evaluate attack surface reduction
 These capabilities help prevent attacks and exploitations from infecting your organization.
@@ -40,4 +40,4 @@ Next gen protections help detect and block the latest threats.
 
 
 ## See Also
-[Get started with Windows Defender Advanced Threat Protection](get-started.md)
\ No newline at end of file
+[Get started with Microsoft Defender Advanced Threat Protection](get-started.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
similarity index 59%
rename from windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index f49caf3929..cf3bab142d 100644
--- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -1,7 +1,7 @@
 ---
 title: Review events and errors using Event Viewer
-description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
-keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start
+description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Microsoft Defender ATP service.
+keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender Advanced Threat Protection service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -25,7 +25,7 @@ ms.date: 05/21/2018
 
 - Event Viewer
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
@@ -34,9 +34,9 @@ You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/librar
 For example, if machines are not appearing in the **Machines list**, you might need to look for event IDs on the machines. You can then use this table to determine further troubleshooting steps.
 
 > [!NOTE]
-> It can take several days for machines to begin reporting to the Windows Defender ATP service.
+> It can take several days for machines to begin reporting to the Microsoft Defender ATP service.
 
-**Open Event Viewer and find the Windows Defender ATP service event log:**
+**Open Event Viewer and find the Microsoft Defender ATP service event log:**
 
 1.  Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**.
 
@@ -46,7 +46,7 @@ For example, if machines are not appearing in the **Machines list**, you might n
   a.  You can also access the log by expanding **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE** and click on **Operational**.
 
     > [!NOTE]
-	> SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP.
+	> SENSE is the internal name used to refer to the behavioral sensor that powers Microsoft Defender ATP.
 
 3.  Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service.
 
@@ -60,106 +60,106 @@ For example, if machines are not appearing in the **Machines list**, you might n
 </tr>
 <tr>
 <td>1</td>
-<td>Windows Defender Advanced Threat Protection service started (Version ```variable```).</td>
+<td>Microsoft Defender Advanced Threat Protection service started (Version ```variable```).</td>
 <td>Occurs during system start up, shut down, and during onbboarding.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>2</td>
-<td>Windows Defender Advanced Threat Protection service shutdown.</td>
+<td>Microsoft Defender Advanced Threat Protection service shutdown.</td>
 <td>Occurs when the machine is shut down or offboarded.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>3</td>
-<td>Windows Defender Advanced Threat Protection service failed to start. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to start. Failure code: ```variable```.</td>
 <td>Service did not start.</td>
 <td>Review other messages to determine possible cause and troubleshooting steps.</td>
 </tr>
 <tr>
 <td>4</td>
-<td>Windows Defender Advanced Threat Protection service contacted the server at ```variable```.</td>
-<td>Variable = URL of the Windows Defender ATP processing servers.<br>
+<td>Microsoft Defender Advanced Threat Protection service contacted the server at ```variable```.</td>
+<td>Variable = URL of the Microsoft Defender ATP processing servers.<br>
 This URL will match that seen in the Firewall or network activity.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>5</td>
-<td>Windows Defender Advanced Threat Protection service failed to connect to the server at ```variable```.</td>
-<td>Variable = URL of the Windows Defender ATP processing servers.<br>
+<td>Microsoft Defender Advanced Threat Protection service failed to connect to the server at ```variable```.</td>
+<td>Variable = URL of the Microsoft Defender ATP processing servers.<br>
 The service could not contact the external processing servers at that URL.</td>
-<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet-windows-defender-advanced-threat-protection.md).</td>
+<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet.md).</td>
 </tr>
 <tr>
 <td>6</td>
-<td>Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.</td>
+<td>Microsoft Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.</td>
 <td>The machine did not onboard correctly and will not be reporting to the portal.</td>
 <td>Onboarding must be run before starting the service.<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>7</td>
-<td>Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```.</td>
 <td>Variable = detailed error description. The machine did not onboard correctly and will not be reporting to the portal.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>8</td>
-<td>Windows Defender Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable```.</td>
 <td>**During onboarding:** The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> **During offboarding:** The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
  </td>
 <td>**Onboarding:** No action required. <br><br> **Offboarding:** Reboot the system.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>9</td>
-<td>Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```.</td>
 <td>**During onboarding:** The machine did not onboard correctly and will not be reporting to the portal. <br><br>**During offboarding:** Failed to change the service start type. The offboarding process continues. </td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>10</td>
-<td>Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```.</td>
 <td>The machine did not onboard correctly and will not be reporting to the portal.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>11</td>
-<td>Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed.</td>
+<td>Onboarding or re-onboarding of Microsoft Defender Advanced Threat Protection service completed.</td>
 <td>The machine onboarded correctly.</td>
 <td>Normal operating notification; no action required.<br>
 It may take several hours for the machine to appear in the portal.</td>
 </tr>
 <tr>
 <td>12</td>
-<td>Windows Defender Advanced Threat Protection failed to apply the default configuration.</td>
+<td>Microsoft Defender Advanced Threat Protection failed to apply the default configuration.</td>
 <td>Service was unable to apply the default configuration.</td>
 <td>This error should resolve after a short period of time.</td>
 </tr>
 <tr>
 <td>13</td>
-<td>Windows Defender Advanced Threat Protection machine ID calculated: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection machine ID calculated: ```variable```.</td>
 <td>Normal operating process.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>15</td>
-<td>Windows Defender Advanced Threat Protection cannot start command channel with URL: ```variable```.</td>
-<td>Variable = URL of the Windows Defender ATP processing servers.<br>
+<td>Microsoft Defender Advanced Threat Protection cannot start command channel with URL: ```variable```.</td>
+<td>Variable = URL of the Microsoft Defender ATP processing servers.<br>
 The service could not contact the external processing servers at that URL.</td>
-<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet-windows-defender-advanced-threat-protection.md).</td>
+<td>Check the connection to the URL. See [Configure proxy and Internet connectivity](configure-proxy-internet.md).</td>
 </tr>
 <tr>
 <td>17</td>
-<td>Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```.</td>
 <td>An error occurred with the Windows telemetry service.</td>
-<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).<br>
+<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled).<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>18</td>
@@ -182,35 +182,35 @@ If this error persists after a system restart, ensure all Windows updates have f
 </tr>
 <tr>
 <td>25</td>
-<td>Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```.</td>
 <td>The machine did not onboard correctly.
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>26</td>
-<td>Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```.</td>
 <td>The machine did not onboard correctly.<br>
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>27</td>
-<td>Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```.</td>
-<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```.</td>
+<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Microsoft Defender ATP.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).<br>
+See [Onboard Windows 10 machines](configure-endpoints.md).<br>
 Ensure real-time antimalware protection is running properly.</td>
 </tr>
 <tr>
 <td>28</td>
-<td>Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```.</td>
 <td>An error occurred with the Windows telemetry service.</td>
-<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).<br>
+<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostic-data-service-is-enabled).<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>29</td>
@@ -220,97 +220,97 @@ See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-
 </tr>
 <tr>
 <td>30</td>
-<td>Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```.</td>
-<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```.</td>
+<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Microsoft Defender ATP.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)<br>
+See [Onboard Windows 10 machines](configure-endpoints.md)<br>
 Ensure real-time antimalware protection is running properly.</td>
 </tr>
 <tr>
 <td>31</td>
-<td>Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```.</td>
 <td>An error occurred with the Windows telemetry service during onboarding. The offboarding process continues.</td>
-<td>[Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).</td>
+<td>[Check for errors with the Windows telemetry service](troubleshoot-onboarding.md#ensure-the-diagnostic-data-service-is-enabled).</td>
 </tr>
 <tr>
 <td>32</td>
-<td>Windows Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1</td>
 <td>An error occurred during offboarding.</td>
 <td>Reboot the machine.</td>
 </tr>
 <tr>
 <td>33</td>
-<td>Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```.</td>
 <td>A unique identifier is used to represent each machine that is reporting to the portal.<br>
 If the identifier does not persist, the same machine might appear twice in the portal.</td>
 <td>Check registry permissions on the machine to ensure the service can update the registry.</td>
 </tr>
 <tr>
 <td>34</td>
-<td>Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```.</td>
 <td>An error occurred with the Windows telemetry service.</td>
-<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).<br>
+<td>[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostic-data-service-is-enabled).<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
-See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).</td>
+See [Onboard Windows 10 machines](configure-endpoints.md).</td>
 </tr>
 <tr>
 <td>35</td>
-<td>Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```.</td>
+<td>Microsoft Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```.</td>
 <td>An error occurred with the Windows telemetry service during offboarding. The offboarding process continues.
 </td>
 <td>Check for errors with the Windows diagnostic data service.</td>
 </tr>
 <tr>
 <td>36</td>
-<td>Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration succeeded. Completion code: ```variable```.</td>
-<td>Registering Windows Defender Advanced Threat Protection with the Connected User Experiences and Telemetry service completed successfully.</td>
+<td>Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration succeeded. Completion code: ```variable```.</td>
+<td>Registering Microsoft Defender Advanced Threat Protection with the Connected User Experiences and Telemetry service completed successfully.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>37</td>
-<td>Windows Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.</td>
+<td>Microsoft Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.</td>
 <td>The machine has almost used its allocated quota of the current 24-hour window. It’s about to be throttled.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>38</td>
-<td>Network connection is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
+<td>Network connection is identified as low. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
 <td>The machine is using a metered/paid network and will be contacting the server less frequently.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>39</td>
-<td>Network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
+<td>Network connection is identified as normal. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
 <td>The machine is not using a metered/paid connection and will contact the server as usual.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>40</td>
-<td>Battery state is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td>
+<td>Battery state is identified as low. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td>
 <td>The machine has low battery level and will contact the server less frequently.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>41</td>
-<td>Battery state is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td>
+<td>Battery state is identified as normal. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td>
 <td>The machine doesn’t have low battery level and will contact the server as usual.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>42</td>
-<td>Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4</td>
+<td>Microsoft Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4</td>
 <td>Internal error. The service failed to start.</td>
 <td>If this error persists, contact Support.</td>
 </tr>
 <tr>
 <td>43</td>
-<td>Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5</td>
+<td>Microsoft Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5</td>
 <td>Internal error. The service failed to start.</td>
 <td>If this error persists, contact Support.</td>
 </tr>
 <tr>
 <td>44</td>
-<td>Offboarding of Windows Defender Advanced Threat Protection service completed.</td>
+<td>Offboarding of Microsoft Defender Advanced Threat Protection service completed.</td>
 <td>The service was offboarded.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
@@ -342,9 +342,9 @@ See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-
 </tbody>
 </table>
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
 
 ## Related topics
-- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot Windows Defender ATP](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md)
+- [Troubleshoot Microsoft Defender ATP](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md
index 3e8ba14f02..741e7bde03 100644
--- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md
@@ -1,6 +1,6 @@
 ---
 title: Experiment with custom threat intelligence alerts
-description: Use this end-to-end guide to start using the Windows Defender ATP threat intelligence API.
+description: Use this end-to-end guide to start using the Microsoft Defender ATP threat intelligence API.
 keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,27 +18,27 @@ ms.topic: article
 ms.date: 11/09/2017
 ---
 
-# Experiment with custom threat intelligence (TI) alerts
+# Experiment with custom threat intelligence (TI) alerts (Deprecated)
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-experimentcustomti-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-experimentcustomti-abovefoldlink) 
 
-With the Windows Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization.  
+With the Microsoft Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization.  
 
-For more information about threat intelligence concepts, see [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md).
+For more information about threat intelligence concepts, see [Understand threat intelligence concepts](threat-indicator-concepts.md).
 
 This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
 
 You'll be guided through sample steps so you can experience how the threat intelligence API feature works. Sample steps include creating alerts definitions and indicators of compromise (IOCs), and examples of how triggered custom TI alerts look like.
 
 ## Step 1: Enable the threat intelligence API and obtain authentication details
-To use the threat intelligence API feature, you'll need to enable the feature. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
+To use the threat intelligence API feature, you'll need to enable the feature. For more information, see [Enable the custom threat intelligence application](enable-custom-ti.md).
 
 This step is required to generate security credentials that you need to use while working with the API.
 
@@ -47,7 +47,7 @@ This step will guide you in creating an alert definition and an IOC for a malici
 
 1. Open a Windows PowerShell ISE.
 
-2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert.
+2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Microsoft Defender ATP which you can use to generate an alert.
 
     NOTE:
     Make sure you replace the authUrl, clientId, and clientSecret values with your details which you saved in when you enabled the threat intelligence application.
@@ -80,7 +80,7 @@ This step will guide you in creating an alert definition and an IOC for a malici
           $alertDefinitionPayload = @{
               "Name" = "Test Alert"
               "Severity" = "Medium"
-              "InternalDescription" = "A test alert used to demonstrate the Windows Defender ATP TI API feature"
+              "InternalDescription" = "A test alert used to demonstrate the Microsoft Defender ATP TI API feature"
               "Title" = "Test alert."
               "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled."
               "RecommendedAction" = "No recommended action for this test alert."
@@ -130,9 +130,9 @@ This step will guide you in creating an alert definition and an IOC for a malici
     ~~~~
 
 ## Step 3: Simulate a custom TI alert
-This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert.
+This step will guide you in simulating an event in connection to a malicious IP that will trigger the Microsoft Defender ATP custom TI alert.
 
-1. Open a Windows PowerShell ISE in the machine you onboarded to Windows Defender ATP.
+1. Open a Windows PowerShell ISE in the machine you onboarded to Microsoft Defender ATP.
 
 2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to a Microsoft's dedicated demo server that will raise an alert based on the custom alert definition.
 
@@ -141,9 +141,9 @@ This step will guide you in simulating an event in connection to a malicious IP
 ## Step 4: Explore the custom alert in the portal
 This step will guide you in exploring the custom alert in the portal.
 
-1.	Open [Windows Defender Security Center](http://securitycenter.windows.com/) on a browser.
+1.	Open [Microsoft Defender Security Center](http://securitycenter.windows.com/) on a browser.
 
-2.	Log in with your Windows Defender ATP credentials.
+2.	Log in with your Microsoft Defender ATP credentials.
 
 3.	The dashboard should display the custom TI alert for the victim machine resulting from the simulated attack.
 
@@ -153,9 +153,9 @@ This step will guide you in exploring the custom alert in the portal.
 > There is a latency time of approximately 20 minutes between the time a custom TI is introduced and when it becomes effective.
 
 ## Related topics
-- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Understand threat intelligence concepts](threat-indicator-concepts.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
+- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
+- [Python code examples for the custom threat intelligence API](python-example-code.md)
+- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
rename to windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index abe92e9dfe..89347e443b 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -1,5 +1,5 @@
 ---
-title: Use Windows Defender Advanced Threat Protection APIs  
+title: Use Microsoft Defender Advanced Threat Protection APIs  
 description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
 keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
@@ -14,38 +14,36 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/03/2018
 ---
 
-# Use Windows Defender ATP APIs
+# Use Microsoft Defender ATP APIs
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
+This page describes how to create an application to get programmatic access to Microsoft Defender ATP on behalf of a user.
 
-This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
-
-If you need programmatic access Windows Defender ATP without a user, refer to [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md).
+If you need programmatic access Microsoft Defender ATP without a user, refer to [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md).
 
 If you are not sure which access you need, read the [Introduction page](apis-intro.md).
 
-Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
-- Use the token to access Windows Defender ATP API
+- Use the token to access Microsoft Defender ATP API
 
-This page explains how to create an AAD application, get an access token to Windows Defender ATP and validate the token.
+This page explains how to create an AAD application, get an access token to Microsoft Defender ATP and validate the token.
 
 >[!NOTE]
-> When accessing Windows Defender ATP API on behalf of a user, you will need the correct App permission and user permission.
-> If you are not familiar with user permissions on Windows Defender ATP, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md). 
+> When accessing Microsoft Defender ATP API on behalf of a user, you will need the correct App permission and user permission.
+> If you are not familiar with user permissions on Microsoft Defender ATP, see [Manage portal access using role-based access control](rbac.md).
 
 >[!TIP]
-> If you have the permission to perform an action in the portal, you have the permission to perform the action in the API. 
+> If you have the permission to perform an action in the portal, you have the permission to perform the action in the API.
 
 ## Create an app
 
@@ -81,7 +79,7 @@ This page explains how to create an AAD application, get an access token to Wind
 	For instance,
 
     - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
-    - To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
+    - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission
 
        To determine which permission you need, look at the **Permissions** section in the API you are interested to call.
 
@@ -161,9 +159,9 @@ Sanity check to make sure you got a correct token:
 
 ![Image of token validation](images/nativeapp-decoded-token.png)
 
-## Use the token to access Windows Defender ATP API
+## Use the token to access Microsoft Defender ATP API
 
-- Choose the API you want to use - [Supported Windows Defender ATP APIs](exposed-apis-list.md)
+- Choose the API you want to use - [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
 - Set the Authorization header in the HTTP request you send to "Bearer {token}" (Bearer is the Authorization scheme)
 - The Expiration time of the token is 1 hour (you can send more then one request with the same token)
 
@@ -181,5 +179,5 @@ Sanity check to make sure you got a correct token:
 	```
 
 ## Related topics
-- [Windows Defender ATP APIs](exposed-apis-list.md)
-- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md)
\ No newline at end of file
+- [Microsoft Defender ATP APIs](exposed-apis-list.md)
+- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
rename to windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index d26d9ddb56..7eb94d09cb 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -1,5 +1,5 @@
 ---
-title: Create an app to access Windows Defender ATP without a user
+title: Create an app to access Microsoft Defender ATP without a user
 description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
 keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
@@ -14,35 +14,34 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/03/2018
 ---
 
-# Create an app to access Windows Defender ATP without a user
+# Create an app to access Microsoft Defender ATP without a user
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-This page describes how to create an application to get programmatic access to Windows Defender ATP without a user.
+This page describes how to create an application to get programmatic access to Microsoft Defender ATP without a user.
 
-If you need programmatic access Windows Defender ATP on behalf of a user, see [Get access wtih user context](exposed-apis-create-app-nativeapp.md)
+If you need programmatic access Microsoft Defender ATP on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md)
 
 If you are not sure which access you need, see [Get started](apis-intro.md).
 
-Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
 - Create an AAD application
 - Get an access token using this application
-- Use the token to access Windows Defender ATP API
+- Use the token to access Microsoft Defender ATP API
 
-This page explains how to create an AAD application, get an access token to Windows Defender ATP and validate the token.
+This page explains how to create an AAD application, get an access token to Microsoft Defender ATP and validate the token.
 
 ## Create an app
 
-1.	Log on to [Azure](https://portal.azure.com) with user that has Global Administrator role.
+1. Log on to [Azure](https://portal.azure.com) with user that has Global Administrator role.
 
 2.	Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. 
 
@@ -56,7 +55,6 @@ This page explains how to create an AAD application, get an access token to Wind
     - **Application type:** Web app / API
     - **Redirect URI:** `https://127.0.0.1`
 
-
 4.	Click **Settings** > **Required permissions** > **Add**.
 
     ![Image of new app in Azure](images/webapp-add-permission.png)
@@ -74,7 +72,7 @@ This page explains how to create an AAD application, get an access token to Wind
 	For instance,
 
 	- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
-	- To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
+	- To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission
 	- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
 
     ![Image of select permissions](images/webapp-select-permission.png)
@@ -101,7 +99,7 @@ This page explains how to create an AAD application, get an access token to Wind
     
 	![Image of created app id](images/webapp-app-id1.png)
 
-11. **For Windows Defender ATP Partners only** - Set your application to be multi-tenanted
+11. **For Microsoft Defender ATP Partners only** - Set your application to be multi-tenanted
 	
 	This is **required** for 3rd party apps (for example, if you create an application that is intended to run in multiple customers tenant).
 
@@ -113,7 +111,7 @@ This page explains how to create an AAD application, get an access token to Wind
 
 	- Application consent for your multi-tenant App:
 	
-	You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with Windows Defender ATP application on behalf of your customer.
+	You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with Microsoft Defender ATP application on behalf of your customer.
 
 	You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.
 
@@ -133,7 +131,7 @@ This page explains how to create an AAD application, get an access token to Wind
 
 For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
 
-### Using PowerShell 
+### Using PowerShell
 
 ```
 # That code gets the App Context Token and save it to a file named "Latest-token.txt" under the current directory
@@ -199,7 +197,7 @@ Refer to [Get token using Python](run-advanced-query-sample-python.md#get-token)
 - Open a command window
 - ​Set CLIENT_ID to your Azure application ID
 - Set CLIENT_SECRET to your Azure application secret
-- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Windows Defender ATP application
+- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Microsoft Defender ATP application
 - Run the below command:
 
 ```
@@ -217,13 +215,13 @@ You will get an answer of the form:
 Sanity check to make sure you got a correct token:
 - Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it
 - Validate you get a 'roles' claim with the desired permissions
-- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Windows Defender ATP's roles:
+- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Microsoft Defender ATP's roles:
 
 ![Image of token validation](images/webapp-decoded-token.png)
 
-## Use the token to access Windows Defender ATP API
+## Use the token to access Microsoft Defender ATP API
 
-- Choose the API you want to use, for more information, see [Supported Windows Defender ATP APIs](exposed-apis-list.md)
+- Choose the API you want to use, for more information, see [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
 - Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme)
 - The Expiration time of the token is 1 hour (you can send more then one request with the same token)
 
@@ -241,5 +239,5 @@ Sanity check to make sure you got a correct token:
 	```
 
 ## Related topics
-- [Supported Windows Defender ATP APIs](exposed-apis-list.md)
-- [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
+- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
+- [Access Microsoft Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
rename to windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
index 9256735a62..315c8747c9 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
@@ -17,16 +17,16 @@ ms.topic: article
 ms.date: 09/24/2018
 ---
 
-# Windows Defender ATP APIs using PowerShell
+# Microsoft Defender ATP APIs using PowerShell
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-Full scenario using multiple APIs from Windows Defender ATP.
+Full scenario using multiple APIs from Microsoft Defender ATP.
 
 In this section we share PowerShell samples to 
  - Retrieve a token 
- - Use token to retrieve the latest alerts in Windows Defender ATP
+ - Use token to retrieve the latest alerts in Microsoft Defender ATP
  - For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL.
 
 >**Prerequisite**: You first need to [create an app](apis-intro.md).
@@ -46,7 +46,7 @@ Set-ExecutionPolicy -ExecutionPolicy Bypass
 - Run the below
 
 > - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
+> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
 > - $appSecret: Secret of your AAD app
 > - $suspiciousUrl: The URL
 
@@ -114,7 +114,7 @@ $response
 
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using Python](run-advanced-query-sample-python.md)
 - [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
rename to windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
index 2be8b96e04..a0676ff144 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
@@ -1,6 +1,6 @@
 ---
-title: Supported Windows Defender Advanced Threat Protection query APIs  
-description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to. 
+title: Supported Microsoft Defender Advanced Threat Protection query APIs  
+description: Learn about the specific supported Microsoft Defender Advanced Threat Protection entities where you can create API calls to. 
 keywords: apis, supported apis, actor, alerts, machine, user, domain, ip, file, advanced queries, advanced hunting
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -16,14 +16,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Supported Windows Defender ATP query APIs 
+# Supported Microsoft Defender ATP query APIs 
 
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink) 
 
 ## End Point URI and Versioning
 
@@ -58,4 +58,4 @@ Machines | Run API calls such as find machine information by IP, get machines, g
 User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
rename to windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index 3224af9ce2..1d2d1fb048 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -1,6 +1,6 @@
 ---
-title: OData queries with Windows Defender ATP
-description: OData queries with Windows Defender ATP
+title: OData queries with Microsoft Defender ATP
+description: OData queries with Microsoft Defender ATP
 keywords: apis, supported apis, odata, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -16,21 +16,21 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# OData queries with Windows Defender ATP
+# OData queries with Microsoft Defender ATP
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
 
 Not all properties are filterable.
 
-### Properties that supports $filter:
+## Properties that supports $filter:
 
-- [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
-- [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
-- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
+- [Alert](alerts.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
+- [Machine](machine.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
+- [MachineAction](machineaction.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
 
 ### Example 1
 
@@ -241,7 +241,7 @@ Content-type: application/json
 
 ### Example 6
 
-- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Windows Defender ATP
+- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender ATP
 
 ```
 HTTP GET  https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan'
@@ -292,4 +292,4 @@ Content-type: application/json
 ```
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/files.md
similarity index 53%
rename from windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/files.md
index fa296bb3af..87b7a01359 100644
--- a/windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/files.md
@@ -18,18 +18,18 @@ ms.topic: article
 
 # File resource type
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-Represent a file entity in Windows Defender ATP.
+Represent a file entity in Microsoft Defender ATP.
 
 # Methods
 Method|Return Type |Description
 :---|:---|:---
-[Get file](get-file-information-windows-defender-advanced-threat-protection-new.md) | [file](files-windows-defender-advanced-threat-protection-new.md) | Get a single file 
-[List file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that are associated with the file.
-[List file related machines](get-file-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Get the [machine](machine-windows-defender-advanced-threat-protection-new.md) entities associated with the alert.
-[file statistics](get-file-statistics-windows-defender-advanced-threat-protection-new.md) | Statistics summary | Retrieves the prevalence for the given file.
+[Get file](get-file-information.md) | [file](files.md) | Get a single file 
+[List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file.
+[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert.
+[file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file.
 
 
 # Properties
@@ -49,5 +49,5 @@ fileProductName | String | Product name.
 signer | String | File signer.
 issuer | String | File issuer.
 signerHash | String | Hash of the signing certificate.
-isValidCertificate | Boolean | Was signing certificate successfully verified by  Windows Defender ATP agent.
+isValidCertificate | Boolean | Was signing certificate successfully verified by  Microsoft Defender ATP agent.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
index 10f9c1f0dc..f355dc894d 100644
--- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
@@ -14,14 +14,13 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/25/2018
 ---
 
 # Find machine information by internal IP API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Find a machine by internal IP.
 
@@ -29,12 +28,12 @@ Find a machine by internal IP.
 >The timestamp must be within the last 30 days.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
-Permission type |	Permission	|	Permission display name
+Permission type | Permission | Permission display name
 :---|:---|:---
-Application |	Machine.Read.All |	'Read all machine profiles'
-Application |	Machine.ReadWrite.All |	'Read and write all machine information'
+Application | Machine.Read.All | 'Read all machine profiles'
+Application | Machine.ReadWrite.All | 'Read and write all machine information'
 
 ## HTTP request
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
index 7fd4ec0b04..56e4cf24a6 100644
--- a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@@ -17,16 +17,17 @@ ms.topic: article
 ---
 
 # Find machines by internal IP API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp 
+Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
 
 The given timestamp must be in the past 30 days.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -37,8 +38,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -51,7 +52,6 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
-
 ## Request body
 Empty
 
@@ -60,14 +60,13 @@ If successful and machines were found - 200 OK with list of the machines in the
 If no machine found  - 404 Not Found.
 If the timestamp is not in the past 30 days - 400 Bad Request.
 
-
 ## Example
 
 **Request**
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)
@@ -77,7 +76,6 @@ GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.
 
 Here is an example of the response.
 
-
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
similarity index 63%
rename from windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index e6933232eb..bd6891a8c2 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -1,5 +1,5 @@
 ---
-title: Fix unhealthy sensors in Windows Defender ATP
+title: Fix unhealthy sensors in Microsoft Defender ATP
 description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine.
 keywords: misconfigured, inactive, fix sensor, sensor health,  no sensor data, sensor data, impaired communications, communication
 search.product: eADQiWindows 10XVcnh
@@ -18,16 +18,16 @@ ms.topic: article
 ms.date: 10/23/2017
 ---
 
-# Fix unhealthy sensors in Windows Defender ATP
+# Fix unhealthy sensors in Microsoft Defender ATP
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
 
 Machines that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a machine to be categorized as inactive or misconfigured.
 
@@ -39,14 +39,14 @@ An inactive machine is not necessarily flagged due to an issue. The following ac
 If the machine has not been in use for more than 7 days for any reason, it will remain in an �Inactive’ status in the portal.
 
 **Machine was reinstalled or renamed**</br>
-A reinstalled or renamed machine will generate a new machine entity in Windows Defender Security Center. The previous machine entity will remain with an �Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
+A reinstalled or renamed machine will generate a new machine entity in Microsoft Defender Security Center. The previous machine entity will remain with an �Inactive’ status in the portal. If you reinstalled a machine and deployed the Microsoft Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
 
 **Machine was offboarded**</br>
 If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
 
 
 **Machine is not sending signals**
-If the machine is not sending any signals for more than 7 days to any of the Windows Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive. 
+If the machine is not sending any signals for more than 7 days to any of the Microsoft Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive. 
 
 
 Do you expect a machine to be in �Active’ status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
@@ -61,11 +61,11 @@ This status indicates that there's limited communication between the machine and
 
 The following suggested actions can help fix issues related to a misconfigured machine with impaired communications:
 
-- [Ensure the machine has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#troubleshoot-onboarding-issues-on-the-machine)</br>
-  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
+- [Ensure the machine has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-machine)</br>
+  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
 
-- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)</br>
-  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
+- [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br>
+  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
 
 If you took corrective actions and the machine status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 
@@ -73,19 +73,19 @@ If you took corrective actions and the machine status is still misconfigured, [o
 A misconfigured machine with status �No sensor data’ has communication with the service but can only report partial sensor data.
 Follow theses actions to correct known issues related to a misconfigured machine with status �No sensor data’:
 
-- [Ensure the machine has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#troubleshoot-onboarding-issues-on-the-machine)</br>
-  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
+- [Ensure the machine has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-machine)</br>
+  The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
 
-- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)</br>
-  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
+- [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br>
+  Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
 
-- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled)</br>
+- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)</br>
 If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
 
-- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br>
-If your machines are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
+- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br>
+If your machines are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
 
 If you took corrective actions and the machine status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
 
 ## Related topic
-- [Check sensor health state in Windows Defender ATP](check-sensor-status-windows-defender-advanced-threat-protection.md)
+- [Check sensor health state in Microsoft Defender ATP](check-sensor-status.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
index a7365f8291..96cafa6ac6 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get alert information by ID API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves an alert by its ID.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -53,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200 OK, and the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
+If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
 
 
 ## Example
@@ -62,7 +64,7 @@ If successful, this method returns 200 OK, and the [alert](alerts-windows-defend
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
similarity index 70%
rename from windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
index 9048ee44e1..3fa93475a6 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@@ -17,24 +17,25 @@ ms.topic: article
 ---
 
 # Get alert related domain information API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves all domains related to a specific alert.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
-Permission type |	Permission	|	Permission display name
+Permission type | Permission | Permission display name
 :---|:---|:---
-Application |	URL.Read.All |	'Read URLs'
-Delegated (work or school account) | URL.Read.All |	'Read URLs'
+Application | URL.Read.All | 'Read URLs'
+Delegated (work or school account) | URL.Read.All | 'Read URLs'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -54,15 +55,13 @@ Empty
 ## Response
 If successful and alert and domain exist - 200 OK. If alert not found - 404 Not Found.
 
-
 ## Example
 
 **Request**
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
-
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/domains
@@ -72,7 +71,6 @@ GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/
 
 Here is an example of the response.
 
-
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
index 7a06825e2d..a7c003bfdf 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@@ -17,23 +17,25 @@ ms.topic: article
 ---
 
 # Get alert related files information API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves all files related to a specific alert.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
-Permission type |	Permission	|	Permission display name
+Permission type | Permission | Permission display name
 :---|:---|:---
-Application |	File.Read.All |	'Read file profiles'
-Delegated (work or school account) | File.Read.All |	'Read file profiles'
+Application | File.Read.All | 'Read file profiles'
+Delegated (work or school account) | File.Read.All | 'Read file profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -46,7 +48,6 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
-
 ## Request body
 Empty
 
@@ -60,7 +61,7 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/files
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
index fcc6714b48..b90a063cc9 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@@ -17,14 +17,15 @@ ms.topic: article
 ---
 
 # Get alert related IP information API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves all IPs related to a specific alert.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -33,8 +34,8 @@ Delegated (work or school account) | Ip.Read.All |	'Read IP address profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -61,7 +62,7 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/ips
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index 0b169ac577..359b72b51a 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get alert related machine information API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves machine that is related to a specific alert.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -61,7 +63,7 @@ If successful and alert and machine exist - 200 OK. If alert not found or machin
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
index 484a4874d8..67b9ce4ceb 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@@ -17,14 +17,15 @@ ms.topic: article
 ---
 
 # Get alert related user information API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves the user associated to a specific alert.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -33,8 +34,8 @@ Delegated (work or school account) | User.Read.All | 'Read user profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -61,7 +62,7 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
index 9a1faba1e2..3f94ebab37 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@@ -17,8 +17,10 @@ ms.topic: article
 ---
 
 # List alerts API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Retrieves a collection of Alerts.
@@ -27,10 +29,10 @@ Supports [OData V4 queries](https://www.odata.org/documentation/).
 
 The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
 
-See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
+See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -41,8 +43,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The response will include only alerts that are associated with machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The response will include only alerts that are associated with machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -63,7 +65,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200 OK, and a list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) objects in the response body.
+If successful, this method returns 200 OK, and a list of [alert](alerts.md) objects in the response body.
 
 
 ## Example
@@ -72,7 +74,7 @@ If successful, this method returns 200 OK, and a list of [alert](alerts-windows-
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/alerts
@@ -135,4 +137,4 @@ Here is an example of the response.
 ```
 
 ## Related topics
-- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
+- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
index 3149b5d23f..07b687504d 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@@ -1,82 +1,81 @@
----
-title: Get CVE-KB map API
-description: Retrieves a map of CVE's to KB's.
-keywords: apis, graph api, supported apis, get, cve, kb
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: leonidzh
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
-ms.date: 10/07/2018
----
-
-# Get CVE-KB map API
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Retrieves a map of CVE's to KB's and CVE details.
-
-## Permissions
-User needs read permissions.
-
-## HTTP request
-```
-GET /testwdatppreview/cvekbmap
-```
-
-## Request headers
-
-Header | Value 
-:---|:---
-Authorization | Bearer {token}. **Required**.
-Content type | application/json
-
-## Request body
-Empty
-
-## Response
-If successful and map exists - 200 OK.
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://graph.microsoft.com/testwdatppreview/CveKbMap
-Content-type: application/json
-```
-
-**Response**
-
-Here is an example of the response.
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
-    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
-    "@odata.count": 4168,
-    "value": [
-        {
-            "cveKbId": "CVE-2015-2482-3097617",
-            "cveId": "CVE-2015-2482",
-            "kbId":"3097617",
-            "title": "Cumulative Security Update for Internet Explorer",
-            "severity": "Critical"
-        },
-    …
-}
-
-```
+---
+title: Get CVE-KB map API
+description: Retrieves a map of CVE's to KB's.
+keywords: apis, graph api, supported apis, get, cve, kb
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get CVE-KB map API
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Retrieves a map of CVE's to KB's and CVE details.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/cvekbmap
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful and map exists - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/CveKbMap
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
+    "@odata.count": 4168,
+    "value": [
+        {
+            "cveKbId": "CVE-2015-2482-3097617",
+            "cveId": "CVE-2015-2482",
+            "kbId":"3097617",
+            "title": "Cumulative Security Update for Internet Explorer",
+            "severity": "Critical"
+        },
+    …
+}
+
+```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
index d09e702dfd..42088b56aa 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get domain related alerts API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of alerts related to a given domain address.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -53,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities. If domain does not exist - 404 Not Found.
+If successful and domain exists - 200 OK with list of [alert](alerts.md) entities. If domain does not exist - 404 Not Found.
 
 
 ## Example
@@ -62,7 +64,7 @@ If successful and domain exists - 200 OK with list of [alert](alerts-windows-def
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
index 4355e3594a..a0ad7dfce9 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Get domain related machines API
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of machines that have communicated to or from a given domain address.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +34,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -53,7 +53,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities. If domain do not exist - 404 Not Found.
+If successful and domain exists - 200 OK with list of [machine](machine.md) entities. If domain do not exist - 404 Not Found.
 
 
 ## Example
@@ -62,7 +62,7 @@ If successful and domain exists - 200 OK with list of [machine](machine-windows-
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index 12d290b29d..ff1d2744d0 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -17,13 +17,14 @@ ms.topic: article
 ---
 
 # Get domain statistics API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves the prevalence for the given domain.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,7 +33,7 @@ Delegated (work or school account) | URL.Read.All |	'Read URLs'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -59,7 +60,7 @@ If successful and domain exists - 200 OK, with statistics object in the response
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/domains/example.com/stats
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
index cfa1df6eb2..36389ed94b 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Get file information API
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a file by identifier Sha1, Sha256, or MD5.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,8 +32,7 @@ Delegated (work or school account) | File.Read.All |	'Read all file profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
-
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -51,7 +50,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with the [file](files-windows-defender-advanced-threat-protection-new.md) entity in the body. If file does not exist - 404 Not Found.
+If successful and file exists - 200 OK with the [file](files.md) entity in the body. If file does not exist - 404 Not Found.
 
 
 ## Example
@@ -60,7 +59,7 @@ If successful and file exists - 200 OK with the [file](files-windows-defender-ad
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
index f75ad0ee2d..933da74fce 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@@ -17,14 +17,15 @@ ms.topic: article
 ---
 
 # Get file related alerts API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of alerts related to a given file hash.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +36,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -54,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
+If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file do not exist - 404 Not Found.
 
 
 ## Example
@@ -63,7 +64,7 @@ If successful and file exists - 200 OK with list of [alert](alerts-windows-defen
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
index 33e5bfd6ea..ea5c35f085 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@@ -19,12 +19,13 @@ ms.topic: article
 # Get file related machines API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 - Retrieves a collection of machines related to a given file hash.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +36,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -54,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
+If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file do not exist - 404 Not Found.
 
 
 ## Example
@@ -63,7 +64,7 @@ If successful and file exists - 200 OK with list of [machine](machine-windows-de
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index 00bf2bf323..cdb192ca3a 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get file statistics API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves the prevalence for the given file.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,7 +34,7 @@ Delegated (work or school account) | File.Read.All | 'Read file profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -59,7 +61,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/stats
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
index 80c4fcf202..be9c8379de 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get IP related alerts API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of alerts related to a given IP address.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -53,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and IP exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If IP do not exist - 404 Not Found.
+If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in the body. If IP do not exist - 404 Not Found.
 
 
 ## Example
@@ -62,7 +64,7 @@ If successful and IP exists - 200 OK with list of [alert](alerts-windows-defende
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md
index 02aa1f61ba..2e00867ddd 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md
@@ -17,14 +17,15 @@ ms.topic: article
 ---
 
 # Get IP related machines API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of machines that communicated with or from a particular IP.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +36,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -54,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and IP exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If IP do not exist - 404 Not Found.
+If successful and IP exists - 200 OK with list of [machine](machine.md) entities in the body. If IP do not exist - 404 Not Found.
 
 
 ## Example
@@ -63,7 +64,7 @@ If successful and IP exists - 200 OK with list of [machine](machine-windows-defe
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/machines
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
index becbf40d3a..19c9aa8993 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get IP statistics API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves the prevalence for the given IP.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,7 +34,7 @@ Delegated (work or school account) | Ip.Read.All |	'Read IP address profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -59,7 +61,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/stats
diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
index 1752cd4d91..7617020547 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@@ -1,81 +1,81 @@
----
-title: Get KB collection API
-description: Retrieves a collection of KB's.
-keywords: apis, graph api, supported apis, get, kb
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: leonidzh
-author: mjcaparas
+---
+title: Get KB collection API
+description: Retrieves a collection of KB's.
+keywords: apis, graph api, supported apis, get, kb
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
-ms.topic: article
-ms.date: 10/07/2018
----
-
-# Get KB collection API
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Retrieves a collection of KB's and KB details.
-
-## Permissions
-User needs read permissions.
-
-## HTTP request
-```
-GET /testwdatppreview/kbinfo
-```
-
-## Request headers
-
-Header | Value 
-:---|:---
-Authorization | Bearer {token}. **Required**.
-Content type | application/json
-
-## Request body
-Empty
-
-## Response
-If successful - 200 OK.
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://graph.microsoft.com/testwdatppreview/KbInfo
-Content-type: application/json
-```
-
-**Response**
-
-Here is an example of the response.
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
-    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
-    "@odata.count": 271,
-    "value":[
-        {
-            "id": "KB3097617 (10240.16549) Amd64",
-            "release": "KB3097617 (10240.16549)",
-            "publishingDate": "2015-10-16T21:00:00Z",
-            "version": "10.0.10240.16549",
-            "architecture": "Amd64"
-        },
-        …
-}
+ms.topic: article
+ms.date: 10/07/2018
+---
+
+# Get KB collection API
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Retrieves a collection of KB's and KB details.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/kbinfo
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/KbInfo
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
+    "@odata.count": 271,
+    "value":[
+        {
+            "id": "KB3097617 (10240.16549) Amd64",
+            "release": "KB3097617 (10240.16549)",
+            "publishingDate": "2015-10-16T21:00:00Z",
+            "version": "10.0.10240.16549",
+            "architecture": "Amd64"
+        },
+        …
+}
 ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index 9710899e3a..ba27a5a0bf 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -19,12 +19,13 @@ ms.topic: article
 # Get machine by ID API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a machine entity by ID.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +36,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 
 ## HTTP request
@@ -55,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machine exists - 200 OK with the [machine](machine-windows-defender-advanced-threat-protection-new.md) entity in the body.
+If successful and machine exists - 200 OK with the [machine](machine.md) entity in the body.
 If machine with the specified id was not found - 404 Not Found.
 
 
@@ -65,7 +66,7 @@ If machine with the specified id was not found - 404 Not Found.
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
index a50a37d200..0aaff12504 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get machine log on users API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of logged on users.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,8 +34,8 @@ Delegated (work or school account) | User.Read.All | 'Read user profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include users only if the machine is visible to the user, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include users only if the machine is visible to the user, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -51,7 +53,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machine exist - 200 OK with list of [user](user-windows-defender-advanced-threat-protection-new.md) entities in the body. If machine was not found - 404 Not Found.
+If successful and machine exist - 200 OK with list of [user](user.md) entities in the body. If machine was not found - 404 Not Found.
 
 
 ## Example
@@ -60,7 +62,7 @@ If successful and machine exist - 200 OK with list of [user](user-windows-defend
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
index 92fa67c016..2bf267de93 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Get machine related alerts  API
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of alerts related to a given machine ID.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +34,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -53,7 +53,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machine exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If machine was not found - 404 Not Found.
+If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
 
 
 ## Example
@@ -62,7 +62,7 @@ If successful and machine exists - 200 OK with list of [alert](alerts-windows-de
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
index ede9947280..9ad70f4d71 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@@ -19,12 +19,12 @@ ms.topic: article
 # Get machineAction API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Get action performed on a machine.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,7 +35,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -53,7 +53,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200, Ok response code with a [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity. If machine action entity with the specified id was not found - 404 Not Found.
+If successful, this method returns 200, Ok response code with a [Machine Action](machineaction.md) entity. If machine action entity with the specified id was not found - 404 Not Found.
 
 ## Example
 
@@ -61,7 +61,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
index bd36b12c8a..84cea460b6 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@@ -19,19 +19,19 @@ ms.topic: article
 # List MachineActions API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Gets collection of actions done on machines. 
+Gets collection of actions done on machines.
 
 Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
 
 The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
 
-See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
+See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -42,7 +42,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -60,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200, Ok response code with a collection of [machineAction](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
+If successful, this method returns 200, Ok response code with a collection of [machineAction](machineaction.md) entities.
 
 
 ## Example 1
@@ -69,7 +69,7 @@ If successful, this method returns 200, Ok response code with a collection of [m
 
 Here is an example of the request on an organization that has three MachineActions.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/machineactions
@@ -140,7 +140,7 @@ GET https://api.securitycenter.windows.com/api/machineactions?$filter=machineId
 
 Here is an example of the response.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 HTTP/1.1 200 Ok
@@ -175,4 +175,4 @@ Content-type: application/json
 ```
 
 ## Related topics
-- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
+- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
index 412c1bd762..9205fdc61c 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
@@ -1,81 +1,81 @@
----
-title: Get RBAC machine groups collection API
-description: Retrieves a collection of RBAC machine groups.
-keywords: apis, graph api, supported apis, get, RBAC, group
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: leonidzh
-author: mjcaparas
+---
+title: Get RBAC machine groups collection API
+description: Retrieves a collection of RBAC machine groups.
+keywords: apis, graph api, supported apis, get, RBAC, group
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
-ms.topic: article
-ms.date: 10/07/2018
----
-
-# Get KB collection API
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Retrieves a collection of RBAC machine groups.
-
-## Permissions
-User needs read permissions.
-
-## HTTP request
-```
-GET /testwdatppreview/machinegroups
-```
-
-## Request headers
-
-Header | Value 
-:---|:---
-Authorization | Bearer {token}. **Required**.
-Content type | application/json
-
-## Request body
-Empty
-
-## Response
-If successful - 200 OK.
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://graph.microsoft.com/testwdatppreview/machinegroups
-Content-type: application/json
-```
-
-**Response**
-
-Here is an example of the response.
-Field id contains machine group **id** and equal to field **rbacGroupId** in machines info. 
-Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup".
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
-    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups",
-    "@odata.count":7,
-    "value":[
-        {
-            "id":86,
-            "name":"UnassignedGroup",
-            "description":"",
-            "ungrouped":true},
-        …
-}
+ms.topic: article
+ms.date: 10/07/2018
+---
+
+# Get KB collection API
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Retrieves a collection of RBAC machine groups.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machinegroups
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machinegroups
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+Field id contains machine group **id** and equal to field **rbacGroupId** in machines info. 
+Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup".
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups",
+    "@odata.count":7,
+    "value":[
+        {
+            "id":86,
+            "name":"UnassignedGroup",
+            "description":"",
+            "ungrouped":true},
+        …
+}
 ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index 449c19a1e5..b5026bdf27 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -17,17 +17,18 @@ ms.topic: article
 ---
 
 # List machines API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 This API can do the following actions:
 
-- Retrieves a collection of machines that have communicated with  Windows Defender ATP cloud on the last 30 days.
+- Retrieves a collection of machines that have communicated with  Microsoft Defender ATP cloud on the last 30 days.
 - Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
 - The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
 
-See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
+See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
 
@@ -40,8 +41,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -59,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machines exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If no recent machines - 404 Not Found.
+If successful and machines exists - 200 OK with list of [machine](machine.md) entities in the body. If no recent machines - 404 Not Found.
 
 
 ## Example
@@ -68,7 +69,7 @@ If successful and machines exists - 200 OK with list of [machine](machine-window
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/machines
@@ -128,4 +129,4 @@ Content-type: application/json
 ```
 
 ## Related topics
-- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
+- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
index 64448439c9..f5630c46c0 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@@ -1,87 +1,87 @@
----
-title: Get machines security states collection API
-description: Retrieves a collection of machines security states.
-keywords: apis, graph api, supported apis, get, machine, security, state
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: leonidzh
-author: mjcaparas
+---
+title: Get machines security states collection API
+description: Retrieves a collection of machines security states.
+keywords: apis, graph api, supported apis, get, machine, security, state
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
-ms.topic: article 
----
-
-# Get Machines security states collection API
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Retrieves a collection of machines security states.
-
-## Permissions
-User needs read permissions.
-
-## HTTP request
-```
-GET /testwdatppreview/machinesecuritystates
-```
-
-## Request headers
-
-Header | Value 
-:---|:---
-Authorization | Bearer {token}. **Required**.
-Content type | application/json
-
-## Request body
-Empty
-
-## Response
-If successful - 200 OK.
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
-Content-type: application/json
-```
-
-**Response**
-
-Here is an example of the response.
-Field *id* contains machine id and equal to the field *id** in machines info. 
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
-    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
-    "@odata.count":444,
-    "@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]",
-    "value":[
-        {
-            "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4",
-            "build":14393,
-            "revision":2485,
-            "architecture":"Amd64",
-            "osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809",
-            "propertiesRequireAttention":[
-                "AntivirusNotReporting",
-                "EdrImpairedCommunications"
-            ]
-        },
-        …
-    ]
-}
+ms.topic: article 
+---
+
+# Get Machines security states collection API
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Retrieves a collection of machines security states.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machinesecuritystates
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+Field *id* contains machine id and equal to the field *id** in machines info. 
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
+    "@odata.count":444,
+    "@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]",
+    "value":[
+        {
+            "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4",
+            "build":14393,
+            "revision":2485,
+            "architecture":"Amd64",
+            "osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809",
+            "propertiesRequireAttention":[
+                "AntivirusNotReporting",
+                "EdrImpairedCommunications"
+            ]
+        },
+        …
+    ]
+}
 ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
index f2f944e0e0..86597a7dde 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get package SAS URI API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md).
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Get a URI that allows downloading of an [investigation package](collect-investigation-package.md).
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,8 +34,8 @@ Delegated (work or school account) | Machine.CollectForensics |	'Collect forensi
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -69,7 +71,7 @@ GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbc
 
 Here is an example of the response.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started.md b/windows/security/threat-protection/microsoft-defender-atp/get-started.md
new file mode 100644
index 0000000000..a4f51e3edd
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started.md
@@ -0,0 +1,73 @@
+---
+title: Get started with Microsoft Defender Advanced Threat Protection
+description: Learn about the minimum requirements and initial steps you need to take to get started with Microsoft Defender ATP.
+keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+ms.date: 11/20/2018
+---
+
+# Get started with Microsoft Defender Advanced Threat Protection
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>[!TIP]
+>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+>- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+
+Learn about the minimum requirements and initial steps you need to take to get started with Microsoft Defender ATP.
+
+The following capabilities are available across multiple products that make up the Microsoft Defender ATP platform.
+
+**Threat & Vulnerability Management**<br>
+Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience. 
+
+**Attack surface reduction**<br>
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+
+**Next generation protection**<br>
+To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
+
+**Endpoint detection and response**<br>
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
+
+**Auto investigation and remediation**<br>
+In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+
+**Secure score**<br>
+Microsoft Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
+
+**Microsoft Threat Experts**<br>
+Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
+
+**Advanced hunting**<br>
+Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Microsoft Defender Security Center. 
+
+**Management and APIs**<br>
+Integrate Microsoft Defender Advanced Threat Protection into your existing workflows.
+
+**Microsoft threat protection**<br>
+Bring the power of Microsoft Threat Protection to your organization.
+
+## In this section 
+Topic | Description 
+:---|:---
+[Minimum requirements](minimum-requirements.md) | Learn about the requirements for onboarding machines to the platform. 
+[Validate licensing and complete setup](licensing.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
+[Preview features](preview.md) | Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+[Data storage and privacy](data-storage-privacy.md) | Explains the data storage and privacy details related to Microsoft Defender ATP.
+[Assign user access to the portal](assign-portal-access.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
+[Evaluate Microsoft Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Microsoft Defender ATP and test features out.
+[Access the Microsoft Defender Security Center Community Center](community.md) | The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
index d3469d7f53..34eaae8116 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@@ -19,7 +19,7 @@ ms.topic: article
 # List Indicators API
 
 **Applies to:** 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 >[!NOTE]
@@ -43,7 +43,7 @@ Application |	Ti.ReadWrite.All |	'Read and write All Indicators'
 GET https://api.securitycenter.windows.com/api/indicators
 ```
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ## Request headers
 
@@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator.md) entities.
 
 >[!Note]
 > If the Application has 'Ti.ReadWrite.All' permission, it will be exposed to all Indicators. Otherwise, it will be exposed only to the Indicators it created.
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
index 54be0763a9..3a09c868bb 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@@ -18,13 +18,13 @@ ms.topic: article
 
 # Get user information API
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Retrieve a User entity by key (user name).
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -46,7 +46,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and user exists - 200 OK with [user](user-windows-defender-advanced-threat-protection-new.md) entity in the body. If user does not exist - 404 Not Found.
+If successful and user exists - 200 OK with [user](user.md) entity in the body. If user does not exist - 404 Not Found.
 
 
 ## Example
@@ -55,7 +55,7 @@ If successful and user exists - 200 OK with [user](user-windows-defender-advance
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/users/user1
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
index e239d6ca71..2b5551a0bb 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get user related alerts API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of alerts related to a given user ID.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -64,7 +66,7 @@ If successful and user exist - 200 OK. If the user do not exist - 404 Not Found.
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/users/user1/alerts
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
index b137144be5..341c605bbb 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Get user related machines API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Retrieves a collection of machines related to a given user ID.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -56,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and user exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If user does not exist - 404 Not Found.
+If successful and user exists - 200 OK with list of [machine](machine.md) entities in the body. If user does not exist - 404 Not Found.
 
 
 ## Example
@@ -65,7 +67,7 @@ If successful and user exists - 200 OK with list of [machine](machine-windows-de
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/users/user1/machines
diff --git a/windows/security/threat-protection/windows-defender-atp/images/1.png b/windows/security/threat-protection/microsoft-defender-atp/images/1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/AH_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/AH_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/AH_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/AR_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/AR_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/AR_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/EDR_icon.jpg
rename to windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg
diff --git a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Failed.png b/windows/security/threat-protection/microsoft-defender-atp/images/Failed.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Failed.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Failed.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_applicationconfirmation.png b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_applicationconfirmation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/MTE_applicationconfirmation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/MTE_applicationconfirmation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_apply.png b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_apply.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/MTE_apply.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/MTE_apply.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_collaboratewithmte.png b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_collaboratewithmte.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/MTE_collaboratewithmte.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/MTE_collaboratewithmte.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/MTE_icon.jpg
rename to windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg
diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/MTE_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/NGP_icon.jpg
rename to windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg
diff --git a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/No threats found.png b/windows/security/threat-protection/microsoft-defender-atp/images/No threats found.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/No threats found.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/No threats found.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png b/windows/security/threat-protection/microsoft-defender-atp/images/Partially investigated.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Partially investigated.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png b/windows/security/threat-protection/microsoft-defender-atp/images/Partially remediated.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Partially remediated.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Pending.png b/windows/security/threat-protection/microsoft-defender-atp/images/Pending.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Pending.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Pending.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Remediated.png b/windows/security/threat-protection/microsoft-defender-atp/images/Remediated.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Remediated.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Remediated.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Running.png b/windows/security/threat-protection/microsoft-defender-atp/images/Running.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Running.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Running.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/SS_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/SS_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/SS_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/TVM_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/TVM_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png b/windows/security/threat-protection/microsoft-defender-atp/images/Terminated by system.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/Terminated by system.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png b/windows/security/threat-protection/microsoft-defender-atp/images/WDATP-components.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/WDATP-components.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/WDATP-components.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/active-alerts-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/active-alerts-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/active-alerts-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/active-alerts-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/active-threat-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/active-threat-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/active-threat-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/active-threat-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-features.png b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-features.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/advanced-features.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/advanced-features.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example.PNG
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG
rename to windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example.PNG
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-save-query.PNG
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG
rename to windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-save-query.PNG
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alert-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/alert-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/alert-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/alert-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alert-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/alert-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/alert-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/alert-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png b/windows/security/threat-protection/microsoft-defender-atp/images/alerts-q-bulk.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/alerts-q-bulk.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alerts-queue-list.png b/windows/security/threat-protection/microsoft-defender-atp/images/alerts-queue-list.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/alerts-queue-list.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/alerts-queue-list.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alerts-queue-numbered.png b/windows/security/threat-protection/microsoft-defender-atp/images/alerts-queue-numbered.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/alerts-queue-numbered.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/alerts-queue-numbered.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/analysis-results.png b/windows/security/threat-protection/microsoft-defender-atp/images/analysis-results.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/analysis-results.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/analysis-results.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/api-jwt-ms.png b/windows/security/threat-protection/microsoft-defender-atp/images/api-jwt-ms.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/api-jwt-ms.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/api-jwt-ms.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png b/windows/security/threat-protection/microsoft-defender-atp/images/api-tenant-id.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/api-tenant-id.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-Application-Guard-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-Application-Guard-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-Application-Guard-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-Application-Guard-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-Device-Guard-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-Device-Guard-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-Device-Guard-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-Device-Guard-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ETW-event-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-ETW-event-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-ETW-event-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-ETW-event-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-Exploit-Guard-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-Exploit-Guard-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-Exploit-Guard-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-Exploit-Guard-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-File-path-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-File-path-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-File-path-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-File-path-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-Firewall-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-Firewall-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-Firewall-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-Firewall-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-O365-admin-portal-customer.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-O365-admin-portal-customer.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-O365-admin-portal-customer.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-O365-admin-portal-customer.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-Other-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-Other-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-Other-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-Other-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-Smart-Screen-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-Smart-Screen-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-Smart-Screen-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-Smart-Screen-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-access-token-modification-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-access-token-modification-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-access-token-modification-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-access-token-modification-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-action-block-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-action-block-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-action-block-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-action-block-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-app-restriction.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-action-center-app-restriction.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-app-restriction.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-package-collection.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-action-center-package-collection.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-package-collection.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-restrict-app.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-action-center-restrict-app.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-restrict-app.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-with-info.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-action-center-with-info.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-action-center-with-info.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-action-center.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-action-center.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-action-center.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-collect-investigation-package.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-collect-investigation-package.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-collect-investigation-package.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-isolate-machine.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-isolate-machine.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-isolate-machine.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-manage-tags.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-manage-tags.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-manage-tags.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-release-from-isolation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-release-from-isolation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-release-from-isolation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-release-from-isoloation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-release-from-isoloation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-release-from-isoloation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-remove-app-restrictions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-remove-app-restrictions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-remove-app-restrictions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-restrict-app-execution.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-restrict-app-execution.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-restrict-app-execution.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actions-run-av.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-run-av.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actions-run-av.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actions-run-av.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-active-investigations-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-active-investigations-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actor-alert.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actor-alert.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actor-alert.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actor-alert.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actor-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actor-report.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actor-report.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actor-report.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-actor.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-actor.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-actor.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-actor.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-add-application-name.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-add-application-name.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-add-application-name.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-add-application-name.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-add-application.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-add-application.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-add-application.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-add-application.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-add-intune-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-add-intune-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-add-intune-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-add-intune-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG b/windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting-results-filter.PNG
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting-results-filter.PNG
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting-results-set.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting-results-set.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-advanced-hunting.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-mgt-pane.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-mgt-pane.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-mgt-pane.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-page.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-page.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-process-tree.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-process-tree.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-process-tree.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-source.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-source.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-source.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-source.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-status.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-status.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-status.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-status.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline-numbered.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-timeline-numbered.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline-numbered.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-timeline-numbered.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-timeline.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-timeline.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-view.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alert-view.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-group.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-group.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-group.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-q.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-q.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-q.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-q.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-queue-user.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-queue-user.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-queue.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-queue.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-related-to-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-related-to-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-related-to-machine.PNG
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-related-to-machine.PNG
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-selected.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-selected.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alerts-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq1.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alertsq1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alertsq1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alertsq1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-alertsq2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-alertsq2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-analyze-auto-ir.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-analyze-auto-ir.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-app-restriction.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-app-restriction.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-app-restriction.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-app-restriction.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-application-information.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-application-information.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-application-information.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-application-information.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-approve-reject-action.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-approve-reject-action.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-appsource.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-appsource.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-appsource.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-appsource.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-auto-investigation-pending.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-auto-investigation-pending.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-auto-investigations-list.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-auto-investigations-list.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-automated-investigations-statistics.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-automated-investigations-statistics.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-av-scan-action-center.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-action-center.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-av-scan-action-center.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-av-scan-notification.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-av-scan-notification.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-av-scan-notification.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-api-access.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-api-access.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-api-access.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-api-access.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-assign-role.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-assign-role.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-assign-role.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-assign-role.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-atp-app.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-app.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-atp-app.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-atp-machine-user.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-atp-machine-user.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-atp-machine.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-atp-machine.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-create.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-create.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-create.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-create.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-category.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-category.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-category.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-category.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-configure.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-configure.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-configure.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-configure.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-policy-configure.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-policy-configure.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-policy-configure.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-policy-configure.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-policy-name.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-policy-name.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-policy-name.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-policy-name.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-profile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create-profile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create-profile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-create.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-create.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-device-config.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-device-config.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-device-config.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-device-config.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-save-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-save-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-save-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-save-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-save.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-save.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-save.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-save.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-select-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-select-group.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-select-group.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-select-group.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-settings-configure.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-settings-configure.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune-settings-configure.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune-settings-configure.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-intune.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-intune.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-license-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-license-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-license-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-license-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-new-app.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-new-app.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-new-app.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-required-permissions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-required-permissions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-required-permissions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-select-permissions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-select-permissions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-select-permissions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-ui-user-access.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-azure-ui-user-access.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-billing-licenses.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-billing-licenses.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-billing-licenses.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-billing-licenses.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-billing-subscriptions.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-billing-subscriptions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-billing-subscriptions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-billing-subscriptions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-block-file-confirm.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-block-file-confirm.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-block-file-confirm.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-block-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-block-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-blockfile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-blockfile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-blockfile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-blockfile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-cloud-discovery-dashboard-menu.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-cloud-discovery-dashboard-menu.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-cloud-discovery-dashboard-menu.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-cloud-discovery-dashboard-menu.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-collect-investigation-package.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-collect-investigation-package.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-collect-investigation-package.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-command-line-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-command-line-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-command-line-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-command-line-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-community-center.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-community-center.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-conditional-access-numbered.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-conditional-access-numbered.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-conditional-access.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-conditional-access.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-confirm-isolate.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-confirm-isolate.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-confirm-isolate.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-create-dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-create-dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-create-suppression-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-create-suppression-rule.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-custom-oma-uri.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-oma-uri.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-custom-oma-uri.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-oma-uri.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-custom-ti-mapping.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-ti-mapping.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-custom-ti-mapping.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-ti-mapping.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-daily-machines-reporting.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-daily-machines-reporting.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-dashboard-security-analytics-9.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-dashboard-security-analytics-9.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-dashboard-security-analytics-full.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-dashboard-security-analytics-full.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-dashboard-security-analytics.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-dashboard-security-analytics.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-data-not-available.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-data-not-available.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-data-not-available.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-data-not-available.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-data-ready.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-data-ready.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-data-ready.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-data-ready.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-data-retention-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-data-retention-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-data-retention-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-data-retention-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-delete-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-delete-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-detailed-actor.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-detailed-actor.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-detailed-actor.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-detailed-actor.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-disableantispyware-regkey.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-disableantispyware-regkey.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-disableantispyware-regkey.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-disableantispyware-regkey.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-download-connector.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-download-connector.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-enable-security-analytics.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-enable-security-analytics.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-example-email-notification.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-example-email-notification.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-example-email-notification.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-example-email-notification.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-export-machine-timeline-events.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-export-machine-timeline-events.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-export-machine-timeline-events.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-export-machine-timeline-events.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-file-action.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-file-action.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-creation-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-file-creation-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-file-creation-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-file-creation-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-file-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-file-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-file-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-in-org.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-file-in-org.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-file-in-org.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-file-in-org.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-information.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-file-information.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-file-information.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-file-information.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-observed-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-file-observed-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-file-observed-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-file-observed-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-filter-advanced-hunting.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-filter-advanced-hunting.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-final-onboard-endpoints-warning-before-atp-access.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-final-onboard-endpoints-warning-before-atp-access.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-final-onboard-endpoints-warning-before-atp-access.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-final-onboard-endpoints-warning-before-atp-access.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-final-preference-setup.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-final-preference-setup.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-final-preference-setup.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-final-preference-setup.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-geographic-location-setup.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-geographic-location-setup.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-geographic-location-setup.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-geographic-location-setup.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-get-data.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-get-data.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-get-data.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-get-data.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy1.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-gpo-proxy1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-gpo-proxy1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-gpo-proxy2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-gpo-proxy2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-image.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-image.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-image.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-image.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-improv-opps-9.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-improv-opps-9.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-improv-opps.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-improv-opps.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-ops.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-improv-ops.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-improv-ops.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-improv-ops.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-details-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-page.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-details-page.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details-page.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-evidence-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-evidence-tab.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-evidence-tab.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-evidence-tab.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-graph-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-graph-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-graph-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-graph-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-graph-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-graph-tab.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-graph-tab.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-graph-tab.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-graph.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-graph.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-graph.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-graph.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-investigations-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-investigations-tab.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-investigations-tab.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-investigations-tab.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-machine-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-machine-tab.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-machine-tab.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-machine-tab.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-queue.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-queue.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incident-queue.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incident-queue.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-reason.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-reason.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-reason.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-reason.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-tooltip.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-tooltip.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-tooltip.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-alerts-tooltip.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-mgt-pane.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-incidents-mgt-pane.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-incidents-mgt-pane.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-industry-information.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-industry-information.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-industry-information.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-industry-information.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-add-oma.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-add-oma.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-add-oma.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-add-oma.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-add-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-add-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-add-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-add-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-assignments.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-assignments.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-assignments.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-assignments.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-configure.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-configure.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-configure.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-configure.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-create-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-create-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-create-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-create-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-custom.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-custom.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-custom.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-custom.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-deploy-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-deploy-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-deploy-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-deploy-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-group.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-group.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-group.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-manage-deployment.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-manage-deployment.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-manage-deployment.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-manage-deployment.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-new-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-new-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-new-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-new-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-oma-uri-setting.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-oma-uri-setting.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-oma-uri-setting.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-oma-uri-setting.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-policy-name.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-policy-name.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-policy-name.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-policy-name.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-save-deployment.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-save-deployment.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-save-deployment.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-save-deployment.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-intune-save-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-save-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-intune-save-policy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-intune-save-policy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-investigation-package-action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-investigation-package-action-center.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-investigation-package-action-center.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-investigation-package-action-center.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-isolate-machine.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-isolate-machine.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-isolate-machine.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-isolate-machine.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-licensing-azure-portal.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-licensing-azure-portal.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-licensing-azure-portal.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-licensing-azure-portal.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-loading.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-loading.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-loading.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-loading.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-logo-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-logo-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-logo-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-logo-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-actions-undo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-actions-undo.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-actions-undo.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-actions.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-actions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-actions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-actions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-details-view.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-details-view.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-details-view2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-details-view2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-health-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-health-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-health.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-health.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-health.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-investigation-package.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-investigation-package.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-investigation-package.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-isolation.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-isolation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-isolation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-isolation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline-details-panel.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline-details-panel.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline-export.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline-export.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline-filter.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline-filter.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-timeline.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-view-ata.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machine-view-ata.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machine-view-ata.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-active-threats-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-active-threats-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-at-risk.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-at-risk.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-misconfigured.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-list-misconfigured.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-misconfigured.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-list-misconfigured.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-list-view.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-list-view.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-list-view2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-list-view2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-timeline.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-timeline.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-timeline.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-timeline.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-view-list.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-view-list.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-machines-view-list.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-machines-view-list.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-main-portal.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-main-portal.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-main-portal.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-main-portal.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-manage-tags.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-manage-tags.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-manage-tags.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-manage-tags.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping 3.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping 3.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping 3.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping 3.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping1.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping3.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping3.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping3.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping3.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping4.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping4.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping4.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping4.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping5.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping5.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping6.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping6.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping6.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping6.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping7.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping7.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mapping7.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mapping7.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mcas-settings.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mcas-settings.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mcas-settings.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mcas-settings.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mdm-onboarding-package.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mdm-onboarding-package.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-memory-allocation-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-memory-allocation-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-memory-allocation-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-memory-allocation-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mma-properties.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mma-properties.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mma-properties.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mma-properties.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-mma.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-mma.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-mma.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-module-load-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-module-load-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-module-load-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-module-load-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-ms-secure-score-9.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-ms-secure-score-9.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-ms-secure-score.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-ms-secure-score.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-network-communications-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-network-communications-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-network-communications-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-network-communications-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-new-alerts-list.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-new-alerts-list.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-new-suppression-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-new-suppression-rule.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-no-network-connection.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-no-network-connection.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-no-network-connection.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-no-network-connection.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-no-subscriptions-found.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-no-subscriptions-found.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-not-authorized-to-access-portal.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-not-authorized-to-access-portal.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-action.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-action.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-collect-package.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-notification-collect-package.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-collect-package.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-notification-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-isolate.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-isolate.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-notification-isolate.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-isolate.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-restrict.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-restrict.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-notification-restrict.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-notification-restrict.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-notifications.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-notifications.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-observed-in-organization.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-observed-in-organization.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-observed-in-organization.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-observed-machines.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-observed-machines.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-observed-machines.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-observed-machines.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-oma-uri-values.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-oma-uri-values.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-oma-uri-values.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-oma-uri-values.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal-border-test.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints-WDATP-portal-border-test.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal-border-test.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints-WDATP-portal-border-test.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-run-detection-test.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints-run-detection-test.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-run-detection-test.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints-run-detection-test.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-endpoints.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-mdm.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-mdm.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-onboard-mdm.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-onboard-mdm.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-org-score.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-org-score.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-org-score.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-org-score.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-org-sec-score.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-org-sec-score.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-organization-size.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-organization-size.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-organization-size.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-organization-size.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-auto-ir.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-auto-ir.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-list.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-list.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-multiple.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-multiple.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-notification.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-pending-actions-notification.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-permissions-applications.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-permissions-applications.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-permissions-applications.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-permissions-applications.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-portal-sensor.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-portal-sensor.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-portal-welcome-screen.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-portal-welcome-screen.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-portal-welcome-screen.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-portal-welcome-screen.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-portal.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-portal.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-portal.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-portal.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-accept.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-accept.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-accept.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-accept.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-consent.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-consent.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-consent.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-extension.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-extension.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-extension.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-extension.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-get-data.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-get-data.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-get-data.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-importing.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-importing.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-importing.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-importing.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-navigator.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-navigator.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-navigator.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-options.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-options.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-options.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-options.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-preview.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powerbi-preview.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powerbi-preview.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-powershell-command-run-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-powershell-command-run-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-powershell-command-run-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-powershell-command-run-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-preferences-setup.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-preferences-setup.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-preview-experience.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-preview-experience.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-preview-experience.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-preview-experience.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-preview-features.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-preview-features.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-preview-features.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-preview-features.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-process-event-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-process-event-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-process-event-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-process-event-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-process-injection.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-process-injection.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-process-injection.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-process-injection.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-process-tree.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-process-tree.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-process-tree.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-process-tree.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-refresh-token.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-refresh-token.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-refresh-token.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-refresh-token.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-region-control-panel.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-region-control-panel.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-region-control-panel.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-region-control-panel.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-registry-event-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-registry-event-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-registry-event-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-registry-event-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-remediated-alert.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-remediated-alert.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-remediated-alert.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-remediated-alert.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-remove-blocked-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-remove-blocked-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-remove-blocked-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-remove-blocked-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-rename-incident.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-rename-incident.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-rename-incident.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-rename-incident.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-respond-action-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-respond-action-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-respond-action-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-respond-action-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-restrict-app.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-restrict-app.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-restrict-app.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-restrict-app.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-run-av-scan.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-run-av-scan.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-run-av-scan.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-run-av-scan.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-running-script.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-running-script.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-running-script.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-running-script.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sample-custom-ti-alert.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sample-custom-ti-alert.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sample-custom-ti-alert.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sample-custom-ti-alert.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-save-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-save-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-save-tag.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-save-tag.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-save-tag.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-save-tag.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-coverage.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sec-coverage.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sec-coverage.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sec-coverage.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sec-ops-1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sec-ops-1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sec-ops-dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sec-ops-dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-analytics-dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-analytics-dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-analytics-view-machines.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-analytics-view-machines.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-analytics-view-machines2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-analytics-view-machines2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-controls-9.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-controls-9.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-controls.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-controls.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-coverage.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-coverage.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-coverage.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-coverage.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-improvements.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-improvements.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-improvements.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-improvements.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-score-over-time-9.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-score-over-time-9.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-security-score-over-time.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-security-score-over-time.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-filter.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-filter.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-filter-resized.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-filter-resized.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-filter-resized.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-filter-resized.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-filter-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-filter-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-filter-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-filter-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-filter.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-filter.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-filter.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-nonav.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-nonav.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-nonav.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-nonav.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-sensor-health-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-sensor-health-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-offboarding-workspaceid.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-server-offboarding-workspaceid.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-onboarding-workspaceid.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-server-onboarding-workspaceid.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-onboarding.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-server-onboarding.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-services.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-services.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-services.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-services.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-settings-aip.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-aip.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-settings-aip.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-aip.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-settings-powerbi.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-powerbi.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-settings-powerbi.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-powerbi.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-setup-complete.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-setup-complete.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-setup-complete.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-setup-complete.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-setup-incomplete.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-setup-incomplete.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-setup-incomplete.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-setup-incomplete.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-setup-permissions-wdatp-portal.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-setup-permissions-wdatp-portal.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-setup-permissions-wdatp-portal.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-setup-permissions-wdatp-portal.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-shared-queries.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-shared-queries.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-integration.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-integration.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping1.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping13.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping13.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping13.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping2.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping3.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping3.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping3.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping4.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-siem-mapping4.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-siem-mapping4.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-signer-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-signer-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-signer-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-signer-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-simulate-custom-ti.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-simulate-custom-ti.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-simulate-custom-ti.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-simulate-custom-ti.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-stop-quarantine.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-stopnquarantine-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-stopnquarantine-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-stopnquarantine-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-stopnquarantine-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-subscription-expired.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-subscription-expired.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-suppression-rules.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-suppression-rules.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-suppression-rules.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-suppression-rules.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-suspicious-activities-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-suspicious-activities-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-tag-management.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-tag-management.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-tag-management.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-tag-management.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-task-manager.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-task-manager.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-task-manager.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-task-manager.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-threat-intel-api.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-threat-intel-api.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-threat-protection-reports.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-threat-protection-reports.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-thunderbolt-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-thunderbolt-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-thunderbolt-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-thunderbolt-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-tile-sensor-health.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-tile-sensor-health.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-time-zone.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-time-zone.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-time-zone.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-time-zone.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-undo-isolation.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-undo-isolation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-undo-isolation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-undo-isolation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-unsigned-file-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-unsigned-file-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-unsigned-file-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-unsigned-file-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-pane.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-pane.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-user-details-pane.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-pane.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-view-azureatp.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-view-azureatp.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-view-tdp.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-tdp.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-view-tdp.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-view.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details-view.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-user-details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-view-ata.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-user-view-ata.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-user-view-ata.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-user-view-ata.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-users-at-risk.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-users-at-risk.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-users-at-risk.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-users-at-risk.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-verify-passive-mode.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-verify-passive-mode.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-windows-cloud-instance-creation.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-windows-cloud-instance-creation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-windows-cloud-instance-creation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-windows-cloud-instance-creation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-windows-defender-av-events-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-windows-defender-av-events-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp-windows-defender-av-events-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp-windows-defender-av-events-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/atp.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/atp.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/azure-data-discovery.png b/windows/security/threat-protection/microsoft-defender-atp/images/azure-data-discovery.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/azure-data-discovery.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/azure-data-discovery.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/cloud-apps.png b/windows/security/threat-protection/microsoft-defender-atp/images/cloud-apps.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/cloud-apps.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/cloud-apps.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/cloud-discovery.png b/windows/security/threat-protection/microsoft-defender-atp/images/cloud-discovery.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/cloud-discovery.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/cloud-discovery.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/components.png b/windows/security/threat-protection/microsoft-defender-atp/images/components.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/components.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/components.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/creating-account.png b/windows/security/threat-protection/microsoft-defender-atp/images/creating-account.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/creating-account.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/creating-account.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/detection-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/detection-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/detection-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/detection-icon.png
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/email-notification.png b/windows/security/threat-protection/microsoft-defender-atp/images/email-notification.png
new file mode 100644
index 0000000000..1b9875fcad
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/email-notification.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/enable_siem.png b/windows/security/threat-protection/microsoft-defender-atp/images/enable_siem.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/enable_siem.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/enable_siem.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/filter-log.png b/windows/security/threat-protection/microsoft-defender-atp/images/filter-log.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/filter-log.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/filter-log.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/io.png b/windows/security/threat-protection/microsoft-defender-atp/images/io.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/io.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/io.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/licensing-windows-defender-advanced-threat-protection.png b/windows/security/threat-protection/microsoft-defender-atp/images/licensing-windows-defender-advanced-threat-protection.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/licensing-windows-defender-advanced-threat-protection.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/licensing-windows-defender-advanced-threat-protection.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/machine-reports.png b/windows/security/threat-protection/microsoft-defender-atp/images/machine-reports.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/machine-reports.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/machine-reports.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/machines-active-threats-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/machines-active-threats-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/machines-active-threats-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/machines-active-threats-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/machines-at-risk-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/machines-at-risk-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/machines-at-risk-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/machines-at-risk-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/machines-at-risk.png b/windows/security/threat-protection/microsoft-defender-atp/images/machines-at-risk.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/machines-at-risk.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/machines-at-risk.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/machines-list.png b/windows/security/threat-protection/microsoft-defender-atp/images/machines-list.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/machines-list.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/machines-list.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/machines-reporting-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/machines-reporting-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/machines-reporting-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/machines-reporting-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/menu-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/menu-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/menu-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/menu-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ms-flow-choose-action.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-choose-action.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ms-flow-choose-action.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-choose-action.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ms-flow-define-action.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-define-action.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ms-flow-define-action.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-define-action.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ms-flow-e2e.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-e2e.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ms-flow-e2e.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-e2e.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ms-flow-insert-db.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-insert-db.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ms-flow-insert-db.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-insert-db.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ms-flow-parse-json.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-parse-json.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ms-flow-parse-json.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-parse-json.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ms-flow-read-db.png b/windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-read-db.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ms-flow-read-db.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ms-flow-read-db.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/mss.png b/windows/security/threat-protection/microsoft-defender-atp/images/mss.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/mss.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/mss.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-add-permission.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-add-permission.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/nativeapp-add-permission.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-add-permission.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-add-permissions-end.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-add-permissions-end.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/nativeapp-add-permissions-end.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-add-permissions-end.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-create.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-create.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/nativeapp-create.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-create.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-decoded-token.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-decoded-token.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/nativeapp-decoded-token.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-decoded-token.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-get-appid.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-get-appid.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/nativeapp-get-appid.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-get-appid.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/nativeapp-select-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-select-permissions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/nativeapp-select-permissions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/nativeapp-select-permissions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/new-secure-score-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/new-secure-score-dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/new-secure-score-dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/new-secure-score-dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/new-ssot.png b/windows/security/threat-protection/microsoft-defender-atp/images/new-ssot.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/new-ssot.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/new-ssot.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png b/windows/security/threat-protection/microsoft-defender-atp/images/no-threats-found.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/no-threats-found.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png b/windows/security/threat-protection/microsoft-defender-atp/images/no_threats_found.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/no_threats_found.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/not-remediated-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/not-remediated-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/not-remediated-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/not-remediated-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png b/windows/security/threat-protection/microsoft-defender-atp/images/office-scc-label.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/office-scc-label.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/overview.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/overview.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/overview.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png b/windows/security/threat-protection/microsoft-defender-atp/images/partially-investigated.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/partially-investigated.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png b/windows/security/threat-protection/microsoft-defender-atp/images/partially_investigated.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/partially_investigated.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png b/windows/security/threat-protection/microsoft-defender-atp/images/partially_remediated.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/partially_remediated.png
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/pending-actions.png b/windows/security/threat-protection/microsoft-defender-atp/images/pending-actions.png
new file mode 100644
index 0000000000..8cb0f643a6
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/pending-actions.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-create-advanced-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-create-advanced-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-create-advanced-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-create-advanced-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-create-blank-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-create-blank-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-create-blank-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-create-blank-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-edit-credentials.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-edit-credentials.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-edit-credentials.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-edit-credentials.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-edit-data-privacy.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-edit-data-privacy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-edit-data-privacy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-edit-data-privacy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-open-advanced-editor.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-open-advanced-editor.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-open-advanced-editor.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-open-advanced-editor.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-query-results.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-query-results.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-query-results.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-query-results.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-set-credentials-anonymous.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-credentials-anonymous.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-set-credentials-anonymous.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-credentials-anonymous.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-set-credentials-organizational-cont.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-credentials-organizational-cont.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-set-credentials-organizational-cont.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-credentials-organizational-cont.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-set-credentials-organizational.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-credentials-organizational.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-set-credentials-organizational.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-credentials-organizational.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/power-bi-set-data-privacy.png b/windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-data-privacy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/power-bi-set-data-privacy.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/power-bi-set-data-privacy.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/remediated-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/remediated-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/remediated-icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/remediated-icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/rules-legend.png b/windows/security/threat-protection/microsoft-defender-atp/images/rules-legend.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/rules-legend.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/rules-legend.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/run-as-admin.png b/windows/security/threat-protection/microsoft-defender-atp/images/run-as-admin.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/run-as-admin.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/run-as-admin.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/save-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/save-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/save-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/save-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/sccm-deployment.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-deployment.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/sccm-deployment.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/sccm-deployment.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/sec-ops-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/sec-ops-dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/sec-ops-dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/sec-ops-dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/securescore.png b/windows/security/threat-protection/microsoft-defender-atp/images/securescore.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/securescore.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/securescore.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/settings.png b/windows/security/threat-protection/microsoft-defender-atp/images/settings.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/settings.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/settings.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/setup-preferences.png b/windows/security/threat-protection/microsoft-defender-atp/images/setup-preferences.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/setup-preferences.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/setup-preferences.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/setup-preferences2.png b/windows/security/threat-protection/microsoft-defender-atp/images/setup-preferences2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/setup-preferences2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/setup-preferences2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/siem_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/siem_details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ss1.png b/windows/security/threat-protection/microsoft-defender-atp/images/ss1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ss1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ss1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ssot.png b/windows/security/threat-protection/microsoft-defender-atp/images/ssot.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ssot.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ssot.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png b/windows/security/threat-protection/microsoft-defender-atp/images/status-tile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/status-tile.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/status-tile.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/submit-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/submit-file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/submit-file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/submit-file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ta.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/ta.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/ta.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png b/windows/security/threat-protection/microsoft-defender-atp/images/terminated-by-system.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/terminated-by-system.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png b/windows/security/threat-protection/microsoft-defender-atp/images/terminated_by_system.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/terminated_by_system.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/threat-analytics-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/threat-analytics-report.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/top-recommendations.png b/windows/security/threat-protection/microsoft-defender-atp/images/top-recommendations.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/top-recommendations.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/top-recommendations.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_alert_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_alert_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_alert_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_alert_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_bug_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_bug_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_bug_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_bug_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_config_score.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_config_score.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_config_score.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_config_score.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_dashboard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_exposed_machines.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_exposed_machines.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_exposed_machines.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_exposed_machines.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_exposure_score.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_exposure_score.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_exposure_score.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_exposure_score.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_insight_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_insight_icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_insight_icon.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_insight_icon.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_machine_page_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_machine_page_details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_menu.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_menu.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_menu.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_menu.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_remediation_task_created.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_remediation_task_created.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_remediation_task_created.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_remediation_task_created.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_request_remediation.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_request_remediation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_request_remediation.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_request_remediation.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_save_csv_file.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_save_csv_file.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_save_csv_file.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_save_csv_file.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_security_controls.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_security_controls.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_security_controls.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_security_controls.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_security_recommendations.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_security_recommendations.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_security_recommendations.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_security_recommendations.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_security_recommendations_page.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_security_recommendations_page.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_security_recommendations_page.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_security_recommendations_page.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_software_page_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_software_page_details.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/tvm_vuln_software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_vuln_software.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/tvm_vuln_software.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/tvm_vuln_software.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png b/windows/security/threat-protection/microsoft-defender-atp/images/wdatp-pillars.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/wdatp-pillars.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png b/windows/security/threat-protection/microsoft-defender-atp/images/wdatp-pillars2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/wdatp-pillars2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/wdatp-pillars2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdsc.png b/windows/security/threat-protection/microsoft-defender-atp/images/wdsc.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/wdsc.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/wdsc.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-2.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-2.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-2.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-end.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-end.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-end.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-end.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-readalerts.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission-readalerts.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-add-permission.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-app-id1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-app-id1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-create-key.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-create-key.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-create-key.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-create.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-create.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-create.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-decoded-token.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-decoded-token.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-decoded-token.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-decoded-token.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-edit-multitenant.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-multitenant.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-edit-multitenant.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-multitenant.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-edit-settings.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-settings.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-edit-settings.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-edit-settings.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-get-appid.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-get-appid.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-get-appid.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-get-appid.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-grant-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-grant-permissions.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-grant-permissions.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-grant-permissions.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-select-permission.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-select-permission.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-select-permission.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-select-permission.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-validate-token.png b/windows/security/threat-protection/microsoft-defender-atp/images/webapp-validate-token.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/webapp-validate-token.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/webapp-validate-token.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/welcome1.png b/windows/security/threat-protection/microsoft-defender-atp/images/welcome1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/welcome1.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/welcome1.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/win10-endpoint-users.png b/windows/security/threat-protection/microsoft-defender-atp/images/win10-endpoint-users.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/win10-endpoint-users.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/win10-endpoint-users.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windefatp-sc-qc-diagtrack.png b/windows/security/threat-protection/microsoft-defender-atp/images/windefatp-sc-qc-diagtrack.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windefatp-sc-qc-diagtrack.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windefatp-sc-qc-diagtrack.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windefatp-sc-query-diagtrack.png b/windows/security/threat-protection/microsoft-defender-atp/images/windefatp-sc-query-diagtrack.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windefatp-sc-query-diagtrack.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windefatp-sc-query-diagtrack.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windefatp-sc-query.png b/windows/security/threat-protection/microsoft-defender-atp/images/windefatp-sc-query.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windefatp-sc-query.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windefatp-sc-query.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windefatp-utc-console-autostart.png b/windows/security/threat-protection/microsoft-defender-atp/images/windefatp-utc-console-autostart.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windefatp-utc-console-autostart.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windefatp-utc-console-autostart.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-boot-time-integrity.png b/windows/security/threat-protection/microsoft-defender-atp/images/windows-defender-system-guard-boot-time-integrity.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-boot-time-integrity.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windows-defender-system-guard-boot-time-integrity.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-validate-system-integrity.png b/windows/security/threat-protection/microsoft-defender-atp/images/windows-defender-system-guard-validate-system-integrity.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-validate-system-integrity.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windows-defender-system-guard-validate-system-integrity.png
diff --git a/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard.png b/windows/security/threat-protection/microsoft-defender-atp/images/windows-defender-system-guard.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard.png
rename to windows/security/threat-protection/microsoft-defender-atp/images/windows-defender-system-guard.png
diff --git a/windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md b/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md
diff --git a/windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md
new file mode 100644
index 0000000000..9ac051b1dd
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md
@@ -0,0 +1,38 @@
+---
+title: Incidents queue in Microsoft Defender ATP
+description:
+keywords: incidents, aggregate, investigations, queue, ttp
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Incidents in Microsoft Defender ATP
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Microsoft Defender ATP will quickly trigger alerts and launch matching automatic investigations. 
+
+Microsoft Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
+ 
+
+## In this section
+
+Topic | Description 
+:---|:---
+[View and organize the Incidents queue](view-incidents-queue.md)|  See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
+[Manage incidents](manage-incidents.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions.
+[Investigate incidents](investigate-incidents.md)|  See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident.
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md
similarity index 63%
rename from windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
rename to windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md
index a8696ec1d9..94b5a8b730 100644
--- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md
@@ -18,17 +18,19 @@ ms.date: 12/05/2018
 ---
 
 # Configure information protection in Windows 
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Learn how you can use Windows Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin.
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Learn how you can use Microsoft Defender ATP to expand the coverage of Microsoft Information Protection (WIP) to protect files based on their label, regardless of their origin.
 
 >[!TIP]
-> Read our blog post about how [Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/).
+> Read our blog post about how [Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/).
 
 ## Prerequisites
 - Endpoints need to be on Windows 10, version 1809 or later
-- You'll need the appropriate license to leverage the Windows Defender ATP and Azure Information Protection integration
+- You'll need the appropriate license to leverage the Microsoft Defender ATP and Azure Information Protection integration
 - Your tenant needs to be onboarded to Azure Information Protection analytics, for more information see, [Configure a Log Analytics workspace for the reports](https://docs.microsoft.comazure/information-protection/reports-aip#configure-a-log-analytics-workspace-for-the-reports)
 
 
@@ -44,10 +46,10 @@ Learn how you can use Windows Defender ATP to expand the coverage of Windows Inf
 
     4. Repeat for every label that you want to get WIP applied to in Windows. 
 
-After completing these steps Windows Defender ATP will automatically identify labeled documents stored on the device and enable WIP on them.
+After completing these steps Microsoft Defender ATP will automatically identify labeled documents stored on the device and enable WIP on them.
 
 >[!NOTE]
->- The Windows Defender ATP configuration is pulled every 15 minutes. Allow up to 30 minutes for the new policy to take effect and ensure that the endpoint is online. Otherwise, it will not receive the policy.
+>- The Microsoft Defender ATP configuration is pulled every 15 minutes. Allow up to 30 minutes for the new policy to take effect and ensure that the endpoint is online. Otherwise, it will not receive the policy.
 >- Data forwarded to Azure Information Protection is stored in the same location as your other Azure Information Protection data.
 
 ## Related topic
diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
similarity index 50%
rename from windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md
rename to windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
index be963a981f..b730b7906e 100644
--- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
@@ -18,56 +18,56 @@ ms.topic: conceptual
 
 # Information protection in Windows overview
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
 Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace.
 
 
-Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. 
+Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. 
 
 >[!TIP]
-> Read our blog post about how [Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/).
+> Read our blog post about how [Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices](https://cloudblogs.microsoft.com/microsoftsecure/2019/01/17/windows-defender-atp-integrates-with-microsoft-information-protection-to-discover-protect-and-monitor-sensitive-data-on-windows-devices/).
 
 
-Windows Defender ATP applies two methods to discover and protect data:
+Microsoft Defender ATP applies two methods to discover and protect data:
 - **Data discovery** - Identify sensitive data on Windows devices at risk
 - **Data protection** - Windows Information Protection (WIP) as outcome of Azure Information Protection label
 
 
 ## Data discovery 
-Windows Defender ATP automatically discovers files with sensitivity labels on Windows devices when the feature is enabled. You can enable the Azure Information Protection integration feature from Windows Defender Security Center. For more information, see [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md#azure-information-protection).
+Microsoft Defender ATP automatically discovers files with sensitivity labels on Windows devices when the feature is enabled. You can enable the Azure Information Protection integration feature from Microsoft Defender Security Center. For more information, see [Configure advanced features](advanced-features.md#azure-information-protection).
 
 
 ![Image of settings page with Azure Information Protection](images/atp-settings-aip.png)
 
-After enabling the Azure Information Protection integration, data discovery signals are immediately forwarded to Azure Information Protection from the device. When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically reports the signal to Azure Information Protection.
+After enabling the Azure Information Protection integration, data discovery signals are immediately forwarded to Azure Information Protection from the device. When a labeled file is created or modified on a Windows device, Microsoft Defender ATP automatically reports the signal to Azure Information Protection.
 
 The reported signals can be viewed on the Azure Information Protection - Data discovery dashboard.
 
 ### Azure Information Protection - Data discovery dashboard 
-This dashboard presents a summarized discovery information of data discovered by both Windows Defender ATP and Azure Information Protection. Data from Windows Defender ATP is marked with Location Type - Endpoint. 
+This dashboard presents a summarized discovery information of data discovered by both Microsoft Defender ATP and Azure Information Protection. Data from Microsoft Defender ATP is marked with Location Type - Endpoint. 
 
 ![Image of Azure Information Protection - Data discovery](images/azure-data-discovery.png)
 
 
-Notice the Device Risk column on the right, this device risk is derived directly from Windows Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Windows Defender ATP.
+Notice the Device Risk column on the right, this device risk is derived directly from Microsoft Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Microsoft Defender ATP.
 
-Clicking the device risk level will redirect you to the device page in Windows Defender ATP, where you can get a comprehensive view of the device security status and its active alerts. 
+Clicking the device risk level will redirect you to the device page in Microsoft Defender ATP, where you can get a comprehensive view of the device security status and its active alerts. 
 
 
 >[!NOTE]
->Windows Defender ATP does not currently report the Information Types. 
+>Microsoft Defender ATP does not currently report the Information Types. 
 
 ### Log Analytics 
-Data discovery based on Windows Defender ATP is also available in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-overview), where you can perform complex queries over the raw data.
+Data discovery based on Microsoft Defender ATP is also available in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-overview), where you can perform complex queries over the raw data.
 
 For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip). 
 
 Open Azure Log Analytics in Azure Portal and open a query builder (standard or classic). 
 
-To view Windows Defender ATP data, perform a query that contains: 
+To view Microsoft Defender ATP data, perform a query that contains: 
 
 
 ```
@@ -77,20 +77,20 @@ InformationProtectionLogs_CL
 
 **Prerequisites:**
 - Customers must have a subscription for Azure Information Protection.
-- Enable Azure Information Protection integration in Windows Defender Security Center: 
-    - Go to **Settings** in Windows Defender Security Center, click on **Advanced Settings** under **General**.
+- Enable Azure Information Protection integration in Microsoft Defender Security Center: 
+    - Go to **Settings** in Microsoft Defender Security Center, click on **Advanced Settings** under **General**.
 
 
 ## Data protection 
-For data to be protected, they must first be identified through labels. Sensitivity labels are created in Office Security and Compliance (SCC). Windows Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them.
+For data to be protected, they must first be identified through labels. Sensitivity labels are created in Office Security and Compliance (SCC). Microsoft Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them.
 
 
-When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Windows Defender ATP is the Data loss prevention. You'll need to turn on the Data loss prevention and select Enable Windows end point protection (DLP for devices). 
+When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Microsoft Defender ATP is the Data loss prevention. You'll need to turn on the Data loss prevention and select Enable Windows end point protection (DLP for devices). 
 
 
 ![Image of Office 365 Security and Compliance sensitivity label](images/office-scc-label.png)
 
-Once, the policy is set and published, Windows Defender ATP automatically enables WIP for labeled files. When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy. 
+Once, the policy is set and published, Microsoft Defender ATP automatically enables WIP for labeled files. When a labeled file is created or modified on a Windows device, Microsoft Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy. 
 
 This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin. 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
index 7e91cf5285..16b8d8a428 100644
--- a/windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@@ -18,7 +18,7 @@ ms.topic: article
 
 # Initiate machine investigation API (Preview)
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 > [!IMPORTANT]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -26,14 +26,14 @@ ms.topic: article
 Initiate AutoIR investigation on a machine.
 
 >[!Note]
-> This page focuses on performing an automated investigation on a machine. See [Automated Investigation](automated-investigations-windows-defender-advanced-threat-protection.md) for more information.
+> This page focuses on performing an automated investigation on a machine. See [Automated Investigation](automated-investigations.md) for more information.
 
 ## Limitations
 1. The number of executions is limited (up to 5 calls per hour).
-2. For Automated Investigation limitations, see [Automated Investigation](automated-investigations-windows-defender-advanced-threat-protection.md).
+2. For Automated Investigation limitations, see [Automated Investigation](automated-investigations.md).
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -42,8 +42,8 @@ Delegated (work or school account) |	Alert.ReadWrite |	'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -73,7 +73,7 @@ If successful, this method returns 200 OK response code with object that holds t
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/InitiateInvestigation
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md
index 1c60dae5b7..275fc11cea 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md
@@ -1,5 +1,5 @@
 ---
-title: Investigate Windows Defender Advanced Threat Protection alerts
+title: Investigate Microsoft Defender Advanced Threat Protection alerts
 description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
 keywords: investigate, investigation, machines, machine, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
 search.product: eADQiWindows 10XVcnh
@@ -18,28 +18,28 @@ ms.topic: article
 ms.date: 04/24/2018
 ---
 
-# Investigate Windows Defender Advanced Threat Protection alerts
+# Investigate Microsoft Defender Advanced Threat Protection alerts
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) 
 
 Investigate alerts that are affecting your network, understand what they mean, and how to resolve them. 
 
 Click an alert to see the alert details view and the various tiles that provide information about the alert. 
 
-You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them. You'll also see a status of the automated investigation on the upper right corner. Clicking on the link will take you to the Automated investigations view. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md). 
+You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them. You'll also see a status of the automated investigation on the upper right corner. Clicking on the link will take you to the Automated investigations view. For more information, see [Automated investigations](automated-investigations.md). 
 
 ![Image of the alert page](images/atp-alert-view.png)
 
 
 The alert context tile shows the where, who, and when context of the alert. As with other pages, you can click on the icon beside the name or user account to bring up the machine or user details pane. The alert details view also has a status tile that shows the status of the alert in the queue. You'll also see a description and a set of recommended actions which you can expand.
 
-For more information about managing alerts, see [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md).
+For more information about managing alerts, see [Manage alerts](manage-alerts.md).
 
 The alert details page also shows the alert process tree, an incident graph, and an artifact timeline.
 
@@ -93,12 +93,12 @@ The **Artifact timeline** feature provides an addition view of the evidence that
 Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization.
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md
similarity index 63%
rename from windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md
index 010408840d..283772ed84 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md
@@ -1,5 +1,5 @@
 ---
-title: Investigate Windows Defender Advanced Threat Protection domains
+title: Investigate Microsoft Defender Advanced Threat Protection domains
 description: Use the investigation options to see if machines and servers have been communicating with malicious domains.
 keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
 search.product: eADQiWindows 10XVcnh
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/24/2018
 ---
-# Investigate a domain associated with a Windows Defender ATP alert
+# Investigate a domain associated with a Microsoft Defender ATP alert
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) 
 
 Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
 
@@ -60,10 +60,10 @@ The **Most recent observed machinew with URL** section provides a chronological
 5. Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
similarity index 68%
rename from windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
index cf4b455f24..fc752990fc 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
@@ -1,5 +1,5 @@
 ---
-title: Investigate Windows Defender Advanced Threat Protection files
+title: Investigate Microsoft Defender Advanced Threat Protection files
 description: Use the investigation options to get details on files associated with alerts, behaviours, or events.
 keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
 search.product: eADQiWindows 10XVcnh
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/24/2018
 ---
-# Investigate a file associated with a Windows Defender ATP alert
+# Investigate a file associated with a Microsoft Defender ATP alert
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink) 
 
 Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
 
@@ -41,9 +41,9 @@ You can get information from the following sections in the file view:
 - Most recent observed machines with file
 
 ## File worldwide and Deep analysis
-The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md).
+The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts.md).
 
-You'll see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis).
+You'll see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts.md#deep-analysis).
 
 ![Image of file information](images/atp-file-information.png)
 
@@ -65,10 +65,10 @@ The **Most recent observed machines with the file** section allows you to specif
 This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if you’re trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
index 47c0edb764..cddaa7e5f6 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
@@ -1,5 +1,5 @@
 ---
-title: Investigate incidents in Windows Defender ATP
+title: Investigate incidents in Microsoft Defender ATP
 description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident 
 keywords: investigate, incident, alerts, metadata, risk, detection source, affected machines, patterns, correlation
 search.product: eADQiWindows 10XVcnh
@@ -17,10 +17,10 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Investigate incidents in Windows Defender ATP
+# Investigate incidents in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them. 
@@ -44,10 +44,10 @@ Alerts are grouped into incidents based on the following reasons:
 
 ![Image of alerts tab with incident details page showing the reasons the alerts were linked together in that incident](images/atp-incidents-alerts-reason.png)
 
-You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md). 
+You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts.md). 
 
 ### Machines
-You can also investigate the machines that are part of, or related to, a given incident. For more information, see [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
+You can also investigate the machines that are part of, or related to, a given incident. For more information, see [Investigate machines](investigate-machines.md).
 
 ![Image of machines tab in incident details page](images/atp-incident-machine-tab.png)
 
@@ -57,13 +57,13 @@ Select **Investigations** to see all the automatic investigations launched by th
 ![Image of investigations tab in incident details page](images/atp-incident-investigations-tab.png)
 
 ## Going through the evidence
-Windows Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident. 
+Microsoft Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident. 
 Each of the analyzed entities will be marked as infected, remediated, or suspicious. 
 
 ![Image of evidence tab in incident details page](images/atp-incident-evidence-tab.png)
 
 ## Visualizing associated cybersecurity threats 
-Windows Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph.
+Microsoft Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph.
 
 ### Incident graph
 The **Graph** tells the story of the cybersecurity attack. For example, it shows you what was the entry point, which indicator of compromise or activity was observed on which machine. etc.
@@ -77,6 +77,6 @@ You can click the circles on the incident graph to view the details of the malic
 ## Related topics
 - [Incidents queue](incidents-queue.md)
 - [View and organize the Incidents queue](view-incidents-queue.md)
-- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
+- [Manage incidents](manage-incidents.md)
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md
similarity index 68%
rename from windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md
index cf77b8afb9..fda84c5cce 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/24/2018
 ---
-# Investigate an IP address associated with a Windows Defender ATP alert
+# Investigate an IP address associated with a Microsoft Defender ATP alert
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
 
 Examine possible communication between your machines and external internet protocol (IP) addresses.
 
@@ -67,10 +67,10 @@ Use the search filters to define the search criteria. You can also use the timel
 Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
index 2b9d2d90f5..c8a7e86f97 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
@@ -1,5 +1,5 @@
 ---
-title: Investigate machines in the Windows Defender ATP Machines list
+title: Investigate machines in the Microsoft Defender ATP Machines list
 description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health.
 keywords: machines, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
 search.product: eADQiWindows 10XVcnh
@@ -18,21 +18,21 @@ ms.topic: article
 ms.date: 09/18/2018
 ---
 
-# Investigate machines in the Windows Defender ATP Machines list
+# Investigate machines in the Microsoft Defender ATP Machines list
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) 
 
 ## Investigate machines
 Investigate the details of an alert raised on a specific machine to identify other behaviors or events that might be related to the alert or the potential scope of breach.
 
 You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. Affected machines are identified in the following areas:
 
-- The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-- The [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- The [Machines list](investigate-machines.md)
+- The [Alerts queue](alerts-queue.md)
+- The [Security operations dashboard](security-operations-dashboard.md)
 - Any individual alert
 - Any individual file details view
 - Any IP address or domain details view
@@ -49,7 +49,7 @@ The machine details, logged on users, machine risk, and machine reporting sectio
 **Machine details**</br>
 The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
 
-For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
+For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts.md).
 
 
 **Logged on users**</br>
@@ -62,7 +62,7 @@ Clicking on the logged on users in the Logged on users tile opens the Users Deta
 
 You'll also see details such as logon types for each user account, the user group, and when the account logon occurred.
 
- For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
+ For more information, see [Investigate user entities](investigate-user.md).
 
 **Machine risk**</br>
 The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level can be determined using the number of active alerts or by a combination of multiple risks that may increase the risk assessment and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. It's also indicators of the active threats that machines could be exposed to.
@@ -71,7 +71,7 @@ The Machine risk tile shows the overall risk assessment of a machine. A machine'
 If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. 
 
 >[!NOTE]
->You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+>You'll need to enable the integration on both Azure ATP and Microsoft Defender ATP to use this feature. In Microsoft Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features.md).
 
 **Machine reporting**</br>
 Provides the last internal IP and external IP of the machine. It also shows when the machine was first and last seen reporting to the service. 
@@ -81,7 +81,7 @@ The **Alerts related to this machine** section provides a list of alerts that ar
 
 ![Image of alerts related to machine](images/atp-alerts-related-to-machine.png)
 
-This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
+This list is a filtered version of the [Alerts queue](alerts-queue.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
 
 You can also choose to highlight an alert from the **Alerts related to this machine** or from the  **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.
 
@@ -92,7 +92,7 @@ This feature also enables you to selectively drill down into events that occurre
 
 ![Image of machine timeline with events](images/atp-machines-timeline.png)
 
-Windows Defender ATP monitors and captures suspicious or anomalous behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine.
+Microsoft Defender ATP monitors and captures suspicious or anomalous behavior on Windows 10 machines and displays the process tree flow in the **Machine timeline**. This gives you better context of the behavior which can contribute to understanding the correlation between events, files, and IP addresses in relation to the machine.
 
 
 ### Search for specific events
@@ -114,7 +114,7 @@ Use the search bar to look for specific timeline events. Harness the power of us
     -	Behaviors mode: displays "detections" and selected events of interest
     -	Verbose mode: displays all raw events without aggregation or filtering
 
-- **Event type** - Click the drop-down button to filter by events such as Windows     - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. 
+- **Event type** - Click the drop-down button to filter by events such as Windows     - Microsoft Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. 
     
     Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed.
 
@@ -163,7 +163,7 @@ From the list of events that are displayed in the timeline, you can examine the
 ![Image of machine timeline details pane](images/atp-machine-timeline-details-panel.png)
 
 
-You can also use the [Artifact timeline](investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.
+You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.
 
 Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of meta data on the file or IP address.
 
@@ -173,10 +173,10 @@ The details pane enriches the �in-context’ information across investigation
 
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md
similarity index 64%
rename from windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/investigate-user.md
index 4260159191..69493fe5ec 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md
@@ -1,5 +1,5 @@
 ---
-title: Investigate a user account in Windows Defender ATP
+title: Investigate a user account in Microsoft Defender ATP
 description: Investigate a user account for potential compromised credentials or pivot on the associated user account during an investigation.
 keywords: investigate, account, user, user entity, alert, windows defender atp
 search.product: eADQiWindows 10XVcnh
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/24/2018
 ---
-# Investigate a user account in Windows Defender ATP
+# Investigate a user account in Microsoft Defender ATP
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatgeuser-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatgeuser-abovefoldlink)
 
 ## Investigate user account entities
 Identify user accounts with the most active alerts (displayed on dashboard as "Users at risk") and investigate cases of potential compromised credentials, or pivot on the associated user account when investigating an alert or machine to identify possible lateral movement between machines with that user account.
@@ -53,14 +53,14 @@ The user entity tile provides details about the user such as when the user was f
 If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user.
 
 >[!NOTE]
->You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+>You'll need to enable the integration on both Azure ATP and Microsoft Defender ATP to use this feature. In Microsoft Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features.md).
 
 **Logged on machines**</br>
 You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
 
 
 ## Alerts related to this user
-This section provides a list of alerts that are associated with the user account. This list  is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
+This section provides a list of alerts that are associated with the user account. This list  is a filtered view of the [Alert queue](alerts-queue.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
 
 ## Observed in organization
 This section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines.
@@ -85,11 +85,11 @@ You can filter the results by the following time periods:
 - 6 months
 
 ## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md
index fbf715ebd3..408e800158 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/is-domain-seen-in-org.md
@@ -17,13 +17,15 @@ ms.topic: article
 ---
 
 # Was domain seen in org
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Answers whether a domain was seen in the organization. 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,7 +34,7 @@ Delegated (work or school account) | URL.Read.All |	'Read URLs'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -58,7 +60,7 @@ If successful and domain exists - 200 OK. If domain does not exist - 404 Not Fou
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 GET https://api.securitycenter.windows.com/api/domains/example.com
diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md
index 73631e76cb..3239831649 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/is-ip-seen-org.md
@@ -17,14 +17,15 @@ ms.topic: article
 ---
 
 # Was IP seen in org
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Answers whether an IP was seen in the organization.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -33,7 +34,7 @@ Delegated (work or school account) | Ip.Read.All |	'Read IP address profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
 ```
@@ -68,7 +69,7 @@ GET https://api.securitycenter.windows.com/api/ips/10.209.67.177
 
 Here is an example of the response.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
index 66ef8c4c99..095c078b1f 100644
--- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@@ -17,15 +17,17 @@ ms.topic: article
 ---
 
 # Isolate machine API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Isolates a machine from accessing external network.
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Machine.Isolate |	'Isolate machine'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 
 ## HTTP request
@@ -60,11 +62,11 @@ IsolationType	| String |	Type of the isolation. Allowed values are: 'Full' or 'S
 
 **IsolationType** controls the type of isolation to perform and can be one of the following:
 -	Full – Full isolation
--	Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) for more details)
+-	Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details)
 
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -73,7 +75,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
@@ -106,4 +108,4 @@ Content-type: application/json
 
 ```
 
-To unisolate a machine, see [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md).
+To unisolate a machine, see [Release machine from isolation](unisolate-machine.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/licensing.md
similarity index 62%
rename from windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/licensing.md
index 9560bb473f..c0acd27220 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/licensing.md
@@ -1,6 +1,6 @@
 ---
-title: Validate licensing provisioning and complete Windows Defender ATP set up
-description: Validating licensing provisioning, setting up initial preferences, and completing the user set up for Windows Defender Advanced Threat Protection portal.
+title: Validate licensing provisioning and complete Microsoft Defender ATP set up
+description: Validating licensing provisioning, setting up initial preferences, and completing the user set up for Microsoft Defender Advanced Threat Protection portal.
 keywords: license, licensing, account, set up, validating licensing, windows defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Validate licensing provisioning and complete set up for Windows Defender ATP
+# Validate licensing provisioning and complete set up for Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink)
 
 ## Check license state
 
@@ -50,13 +50,13 @@ To gain access into which licenses are provisioned to your company, and to check
 
    ![Image of O365 admin portal](images\atp-O365-admin-portal-customer.png)
 
-## Access Windows Defender Security Center for the first time
+## Access Microsoft Defender Security Center for the first time
 
-When accessing [Windows Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
+When accessing [Microsoft Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created.
 
 1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
 
-	![Image of Set up your permissions for Windows Defender ATP](images\atp-setup-permissions-wdatp-portal.png)
+	![Image of Set up your permissions for Microsoft Defender ATP](images\atp-setup-permissions-wdatp-portal.png)
 
 	Once the authorization step is completed, the **Welcome** screen will be displayed.
 
@@ -64,7 +64,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
 
 	![Image of Welcome screen for portal set up](images\welcome1.png)
 
-	You will need to set up your preferences for Windows Defender Security Center.
+	You will need to set up your preferences for Microsoft Defender Security Center.
 
 3. Set up preferences
     
@@ -73,9 +73,9 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
    1. **Select data storage location** <br> When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United States, the European Union, or the United Kingdom. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
 
     	> [!WARNING]
-    	> This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process.
+    	> This option cannot be changed without completely offboarding from Microsoft Defender ATP and completing a new enrollment process.
 
-   2. **Select the data retention policy** <br> Windows Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
+   2. **Select the data retention policy** <br> Microsoft Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
 
     > [!NOTE]
     > This option can be changed at a later time.
@@ -85,7 +85,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
     > [!NOTE]
     > The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization.
 
-   4. **Turn on preview features** <br> Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
+   4. **Turn on preview features** <br> Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
 
 	    You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
 
@@ -97,30 +97,30 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
 4. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
 
 	> [!NOTE]
-	> Some of these options can be changed at a later time in Windows Defender Security Center.
+	> Some of these options can be changed at a later time in Microsoft Defender Security Center.
 
 	![Image of final preference set up](images\setup-preferences2.png)
 
-5. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
+5. A dedicated cloud instance of Microsoft Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
 
-	![Image of Windows Defender ATP cloud instance](images\creating-account.png)
+	![Image of Microsoft Defender ATP cloud instance](images\creating-account.png)
 
-6. You are almost done. Before you can start using Windows Defender ATP you'll need to:
+6. You are almost done. Before you can start using Microsoft Defender ATP you'll need to:
 
-	- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+	- [Onboard Windows 10 machines](configure-endpoints.md)
 
 	- Run detection test (optional)
 
 	![Image of Onboard machines and run detection test](images\atp-onboard-endpoints-run-detection-test.png)
 
 	> [!IMPORTANT]
-	> If you click **Start using Windows Defender ATP** before onboarding machines you will receive the following notification:
+	> If you click **Start using Microsoft Defender ATP** before onboarding machines you will receive the following notification:
 	>![Image of setup imcomplete](images\atp-setup-incomplete.png)
 
-7. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
+7. After onboarding machines you can click **Start using Microsoft Defender ATP**. You will now launch Microsoft Defender ATP for the first time.
 
 	![Image of onboard machines](images\atp-onboard-endpoints-WDATP-portal.png)
 
 ## Related topics
-- [Onboard machines to the Windows Defender Advanced Threat Protection service](onboard-configure-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
+- [Onboard machines to the Microsoft Defender Advanced Threat Protection service](onboard-configure.md)
+- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
new file mode 100644
index 0000000000..149999abec
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
@@ -0,0 +1,212 @@
+---
+title: Live response command examples
+description: Learn about common commands and see examples on how it's used
+keywords: example, command, cli, remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Live response command examples
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+
+Learn about common commands used in live response and see examples on how they are typically used.
+
+Depending on the role that's been granted to you, you can run basic or advanced live response commands. For more information on basic and advanced commands, see [Investigate entities on machines using live response](live-response.md).
+
+
+## analyze 
+
+```
+# Analyze the file malware.txt
+analyze file c:\Users\user\Desktop\malware.txt
+```
+
+```
+# Analyze the process by PID
+analyze process 1234
+```
+
+## connections
+
+```
+# List active connections in json format using parameter name
+connections -output json
+```
+
+```
+# List active connections in json format without parameter name
+connections json
+```
+
+## dir
+
+```
+# List files and sub-folders in the current folder
+dir
+```
+
+```
+# List files and sub-folders in a specific folder
+dir C:\Users\user\Desktop\
+```
+
+```
+# List files and subfolders in the current folder in json format
+dir -output json
+```
+
+## fileinfo
+
+```
+# Display information about a file
+fileinfo C:\Windows\notepad.exe
+```
+
+## findfile
+
+```
+# Find file by name
+findfile test.txt
+```
+
+## getfile
+
+```
+# Download a file from a machine
+getfile c:\Users\user\Desktop\work.txt
+```
+
+```
+# Download a file from a machine, automatically run prerequisite commands
+getfile c:\Users\user\Desktop\work.txt -auto
+```
+
+## processes
+```
+# Show all processes
+processes
+```
+
+```
+# Get process by pid
+processes 123
+```
+
+```
+# Get process by pid with argument name
+processes -pid 123
+```
+
+```
+# Get process by name
+processes -name notepad.exe
+```
+
+## putfile
+
+```
+# Upload file from library
+putfile get-process-by-name.ps1
+```
+
+```
+# Upload file from library, overwrite file if it exists
+putfile get-process-by-name.ps1 -overwrite
+```
+
+```
+# Upload file from library, keep it on the machine after a restart
+putfile get-process-by-name.ps1 -keep
+```
+
+## registry
+
+```
+# Show information about the values in a registry key
+registry HKEY_CURRENT_USER\Console
+```
+
+```
+# Show information about a specific registry value
+registry HKEY_CURRENT_USER\Console\\ScreenBufferSize
+```
+
+
+## remediate
+
+```
+# Remediate file in specific path
+remediate file c:\Users\user\Desktop\malware.exe
+```
+
+```
+# Remediate process with specific PID
+remediate process 7960
+```
+
+```
+# See list of all remediated entities
+remediate list
+```
+
+## run
+
+```
+# Run PowerShell script from the library without arguments
+run script.ps1
+```
+
+```
+# Run PowerShell script from the library with arguments
+run get-process-by-name.ps1 -parameters "-processName Registry"
+```
+
+## scheduledtask
+
+```
+# Get all scheduled tasks
+scheduledtasks
+```
+
+```
+# Get specific scheduled task by location and name
+scheduledtasks Microsoft\Windows\Subscription\LicenseAcquisition
+```
+
+```
+# Get specific scheduled task by location and name with spacing
+scheduledtasks "Microsoft\Configuration Manager\Configuration Manager Health Evaluation"
+```
+
+
+## undo
+
+```
+# Restore remediated registry
+undo registry HKEY_CURRENT_USER\Console\ScreenBufferSize
+```
+
+```
+# Restore remediated scheduledtask
+undo scheduledtask Microsoft\Windows\Subscription\LicenseAcquisition
+```
+
+```
+# Restore remediated file
+undo file c:\Users\user\Desktop\malware.exe
+```
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
new file mode 100644
index 0000000000..aaab0a442a
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -0,0 +1,255 @@
+---
+title: Investigate entities on machines using live response in Microsoft Defender ATP
+description: Access a machine using a secure remote shell connection to do investigative work and take immediate response actions on a machine in real-time.
+keywords: remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file, 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Investigate entities on machines using live response
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+[!include[Prerelease information](prerelease.md)]
+
+
+Live response is a capability that gives you instantaneous access to a machine using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats – real-time. 
+
+Live response is designed to enhance investigations by enabling you to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats. 
+
+With live response, analysts will have the ability to:
+- Run basic and advanced commands to do investigative work 
+- Download files such as malware samples and outcomes of PowerShell scripts
+- Upload a PowerShell script or executable to the library and run it on the machine from a tenant level
+- Take or undo remediation actions
+
+
+## Before you begin
+Before you can initiate a session on a machine, make sure you fulfill the following requirements:
+
+- Machines must be Windows 10, version 18323 (also known as Windows 10 19H1) or later. 
+
+- **Enable live response from the settings page**<br>
+You'll need to enable the live response capability in the [Advanced features settings](advanced-features.md) page.
+
+    >[!NOTE]
+    >Only users with manage security or global admin roles can edit these settings.
+
+- **Enable live response unsigned script execution** (optional) <br>
+
+    >[!WARNING]
+    >Allowing the use of unsigned scripts may increase your exposure to threats.
+ 
+  Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page.
+    
+- **Ensure that you have the appropriate permissions**<br>
+	Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md). 
+
+    Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. 
+
+## Live response dashboard overview
+When you initiate a live response session on a machine, a dashboard opens. The dashboard provides information about the session such as: 
+
+- Who created the session
+- When the session started
+- The duration of the session
+
+The dashboard also gives you access to:
+- Disconnect session
+- Upload files to the library 
+- Command console
+- Command log
+
+
+## Initiate a live response session on a machine 
+
+1. Log in to Microsoft Defender Security Center.
+2. Navigate to the machines list page and select a machine to investigate. The machine page opens.
+
+    >[!NOTE]
+    >Machines must be on Windows 10, version 18323 (also known as Windows 10 19H1) or later. 
+
+2. Launch the live response session by selecting **Initiate live response session**. A command console is displayed. Wait while the session connects to the machine.
+3. Use the built-in commands to do investigative work. For more information see, [Live response commands](#live-response-commands).
+4. After completing your investigation, select **Disconnect session**, then select **Confirm**.
+
+
+
+## Live response commands
+Depending on the role that's been granted to you, you can run basic or advanced live response commands. User permissions are controlled by RBAC custom roles. For more information on role assignments see, [Create and manage roles](user-roles.md). 
+
+### Basic commands
+The following commands are available for user roles that's been granted the ability to run **basic** live response commands. For more information on role assignments see, [Create and manage roles](user-roles.md). 
+
+Command | Description 
+:---|:---|:---
+cd | Changes the current directory. 
+cls | Clears the console screen. 
+connect | Initiates a live response session to the machine. 
+connections | Shows all the active connections.
+dir | Shows a list of files and subdirectories in a directory
+drivers |  Shows all drivers installed on the machine.
+fileinfo | Get information about a file.
+findfile | Locates files by a given name on the machine.
+help | Provides help information for live response commands.
+persistence | Shows all known persistence methods on the machine.
+processes | Shows all processes running on the machine.
+registry | Shows registry values.
+sheduledtasks| Shows all scheduled tasks on the machine. 
+services | Shows all services on the machine. 
+trace | Sets the terminal's logging mode to debug.
+
+
+### Advanced commands
+The following commands are available for user roles that's been granted the ability to run **advanced** live response commands. For more information on role assignments see, [Create and manage roles](user-roles.md). 
+
+Command | Description 
+:---|:---
+analyze | Analyses the entity with various incrimination engines to reach a verdict.
+getfile | Gets a file from the machine. <br> NOTE: This command has a prerequisite command. You can use the `-auto` command in conjuction with `getfile` to automatically run the prerequisite command. 
+run | Runs a PowerShell script from the library on the machine.
+library | Lists files that were uploaded to the live response library.
+putfile | Puts a file from the library to the machine. Files are saved in a working folder and are deleted when the machine restarts by default.
+remediate | Remediates an entity on the machine. The remediation action will vary depending on the entity type:<br>- File: delete<br>- Process: stop, delete image file<br>- Service: stop, delete image file<br>- Registry entry: delete<br>- Scheduled task: remove<br>- Startup folder item: delete file <br> NOTE: This command has a prerequisite command. You can use the `-auto` command in conjuction with `remediate` to automatically run the prerequisite command. 
+undo | Restores an entity that was remediated. 
+
+
+## Use live response commands
+The commands that you can use in the console follow similar principles as [Windows Commands](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands#BKMK_c).
+
+The advanced commands offer a more robust set of actions that allow you to take more powerful actions such as download and upload a file, run scripts on the machine, and take remediation actions on an entity.
+
+### Get a file from the machine
+For scenarios when you'd like get a file from a machine you're investigating, you can use the `getfile` command. This allows you to save the file from the machine for further investigation.
+
+>[!NOTE]
+>There is a file size limit of 750mb.
+
+### Put a file in the library
+Live response has a library where you can put files into. The library stores files (such as scripts) that can be run in a live response session at the tenant level.
+
+Live response allows PowerShell scripts to run, however you must first put the files into the library before you can run them. 
+
+You can have a collection of PowerShell scripts that can run on machines that you initiate live response sessions with. 
+
+**To upload a file in the library:** 
+1. Click **Upload file to library**. 
+2. Click **Browse** and select the file.
+3. Provide a brief description.
+4. Specify if you'd like to overwrite a file with the same name.
+5. If you'd like to be know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
+6. Click **Confirm**. 
+7. (Optional) To verify that the file was uploaded to the library, run the `library` command.
+
+
+### Cancel a command
+Anytime during a session, you can cancel a command by pressing CTRL + C.  
+
+>[!WARNING]
+>Using this shortcut will not stop the command in the agent side. It will only cancel the command in the portal. So, changing operations such as "remediate" may continue, while the command is canceled. 
+
+
+
+### Automatically run prerequisite commands
+Some commands have prerequisite commands to run. If you don't run the prerequisite command, you'll get an error. For example, running the `download` command without `fileinfo` will return an error.
+
+You can use the auto flag to automatically run prerequisite commands, for example:
+
+```
+getfile c:\Users\user\Desktop\work.txt -auto
+```
+
+
+## Run a PowerShell script 
+Before you can run a PowerShell script, you must first upload it to the library. 
+
+After uploading the script to the library, use the `run` command to run the script.
+
+If you plan to use an unsigned script in the session, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page.
+
+>[!WARNING]
+>Allowing the use of unsigned scripts may increase your exposure to threats.
+
+
+
+## Apply command parameters
+- View the console help to learn about command parameters. To learn about an individual command, run:
+ 
+    `help <command name>`
+
+- When applying parameters to commands, note that parameters are handled based on a fixed order:
+ 
+    `<command name> param1 param2` 
+
+- When specifying parameters outside of the fixed order, specify the name of the parameter with a hyphen before providing the value:
+ 
+    `<command name> -param2_name param2`
+
+- When using commands that have prerequisite commands, you can use flags:
+
+    `<command name> -type file -id <file path> - auto` or `remediate file <file path> - auto`.
+
+
+
+## Supported output types
+Live response supports table and JSON format output types. For each command, there's a default output behavior. You can modify the output in your preferred output format using the following commands:
+
+- `-output json`
+- `-output table`
+
+>[!NOTE]
+>Fewer fields are shown in table format due to the limited space. To see more details in the output, you can use the JSON output command so that more details are shown.
+
+
+## Supported output pipes
+Live response supports output piping to CLI and file. CLI is the default output behavior. You can pipe the output to a file using the following command: [command] > [filename].txt.  
+
+Example:
+
+```
+processes > output.txt
+```
+
+
+
+## View the command log
+Select the **Command log** tab to see the commands used on the machine during a session. 
+Each command is tracked with full details such as:
+- ID
+- Command line
+- Duration
+- Status and input or output side bar
+
+
+
+
+## Limitations
+- Live response sessions are limited to 10 live response sessions at a time
+- Large scale command execution is not supported
+- A user can only initiate one session at a time
+- A machine can only be in one session at a time
+- There is a file size limit of 750mb when downloading files from a machine
+
+## Related topic
+- [Live response command examples](live-response-command-examples.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
index d983539915..bdb50d0354 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
@@ -1,5 +1,5 @@
 ---
-title: Create and manage machine groups in Windows Defender ATP
+title: Create and manage machine groups in Microsoft Defender ATP
 description: Create machine groups and set automated remediation levels on them by confiring the rules that apply on the group
 keywords: machine groups, groups, remediation, level, rules, aad group, role, assign, rank
 search.product: eADQiWindows 10XVcnh
@@ -17,27 +17,27 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Create and manage machine groups in Windows Defender ATP
+# Create and manage machine groups in Microsoft Defender ATP
 **Applies to:**
 
 
 - Azure Active Directory
 - Office 365
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
 In an enterprise scenario, security operation teams are typically assigned a set of machines. These machines are grouped together based on a set of attributes such as their domains, computer names, or designated tags.
 
-In Windows Defender ATP, you can create machine groups and use them to:
-- Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac-windows-defender-advanced-threat-protection.md) 
+In Microsoft Defender ATP, you can create machine groups and use them to:
+- Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac.md) 
 - Configure different auto-remediation settings for different sets of machines
 
 >[!TIP]
 > For a comprehensive look into RBAC application, read: [Is your SOC running flat with RBAC](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Is-your-SOC-running-flat-with-limited-RBAC/ba-p/320015).
 
 As part of the process of creating a machine group, you'll:
-- Set the automated remediation level for that group. For more information on remediation levels, see [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md).
+- Set the automated remediation level for that group. For more information on remediation levels, see [Use Automated investigation to investigate and remediate threats](automated-investigations.md).
 - Specify the matching rule that determines which machine group belongs to the group based on the machine name, domain, tags, and OS platform. If a machine is also matched to other groups, it is added only to the highest ranked machine group.
 - Select the Azure AD user group that should have access to the machine group.
 - Rank the machine group relative to other groups after it is created.
@@ -63,7 +63,7 @@ As part of the process of creating a machine group, you'll:
       - **Full - remediate threats automatically**
         
         >[!NOTE]
-        > For more information on automation levels, see [Understand the Automated investigation flow](automated-investigations-windows-defender-advanced-threat-protection.md#understand-the-automated-investigation-flow).        
+        > For more information on automation levels, see [Understand the Automated investigation flow](automated-investigations.md#understand-the-automated-investigation-flow).        
 
 	 - **Description**
 	 - **Members**      
@@ -96,5 +96,5 @@ Machines that are not matched to any groups are added to Ungrouped machines (def
 
 
 ## Related topic
-- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
-- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Manage portal access using role-based based access control](rbac.md)
+- [Get list of tenant machine groups using Graph API](get-machinegroups-collection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
index 25140e78df..2dc83b0d07 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
@@ -1,5 +1,5 @@
 ---
-title: Machine health and compliance report in Windows Defender ATP
+title: Machine health and compliance report in Microsoft Defender ATP
 description: Track machine health state detections, antivirus status, OS platform, and Windows 10 versions using the machine health and compliance report
 keywords: health state, antivirus, os platform, windows 10 version, version, health, compliance, state
 search.product: eADQiWindows 10XVcnh
@@ -17,17 +17,19 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Machine health and compliance report in Windows Defender ATP
+# Machine health and compliance report in Microsoft Defender ATP
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
  
 The machines status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions.
- 
- 
+
 The dashboard is structured into two sections:
  ![Image of the machine report](images/machine-reports.png)
  
-Section | Description 
+Section | Description
 :---|:---
 1 | Machine trends
 2 | Machine summary (current day)
@@ -78,4 +80,4 @@ For example, to show data about Windows 10 machines with Active sensor health st
 
 
 ## Related topic
-- [Threat protection report ](threat-protection-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Threat protection report ](threat-protection-reports.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
index 61d6e8a22e..b479b0b8a9 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
@@ -20,9 +20,9 @@ ms.topic: article
 # Create and manage machine tags
 Add tags on machines to create a logical group affiliation. Machine group affiliation can represent geographic location, specific activity, importance level and others.
 
-You can create machine groups in the context of role-based access (RBAC) to control who can take specific action or who can see information on a specific machine group or groups by assigning the machine group to a user group. For more information, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+You can create machine groups in the context of role-based access (RBAC) to control who can take specific action or who can see information on a specific machine group or groups by assigning the machine group to a user group. For more information, see [Manage portal access using role-based access control](rbac.md).
 
-You can also use machine groups to assign specific remediation levels to apply during automated investigations. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+You can also use machine groups to assign specific remediation levels to apply during automated investigations. For more information, see [Create and manage machine groups](machine-groups.md).
 
 In an investigation, you can filter the Machines list to just specific machine groups by using the Groups filter. 
 
@@ -33,7 +33,7 @@ You can add tags on machines using the following ways:
 - By setting a registry key value
 - By using the portal
 
-## Add machine tags by setting a registry key value
+## Add machine tags by setting a registry key value
 Add tags on machines which can be used as a filter in Machines list view. You can limit the machines in the list by selecting the Tag filter on the Machines list.
 
 >[!NOTE]
@@ -83,7 +83,7 @@ You can manage tags from the Actions button or by selecting a machine from the M
 ![Image of adding tags on a machine](images/atp-tag-management.png)
 
 ## Add machine tags using APIs
-For more information, see [Add or remove machine tags API](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md).
+For more information, see [Add or remove machine tags API](add-or-remove-machine-tags.md).
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
new file mode 100644
index 0000000000..c7a7c7bf2b
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -0,0 +1,52 @@
+---
+title: Machine resource type
+description: Retrieves top machines
+keywords: apis, supported apis, get, machines
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Machine resource type
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+# Methods
+Method|Return Type |Description
+:---|:---|:---
+[List machines](get-machines.md) | [machine](machine.md) collection | List set of [machine](machine.md) entities in the org.
+[Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity.
+[Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md).
+[Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md).
+[Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine.
+[Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP.
+
+# Properties
+Property |	Type	|	Description
+:---|:---|:---
+id | String | [machine](machine.md) identity.
+computerDnsName | String | [machine](machine.md) fully qualified name.
+firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
+lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
+osPlatform | String | OS platform.
+osVersion | String | OS Version.
+lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
+lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
+agentVersion | String | Version of Microsoft Defender ATP agent.
+osBuild | Nullable long | OS build number.
+healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
+rbacGroupId | Int | RBAC Group ID.
+rbacGroupName | String | RBAC Group Name.
+riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined).
+machineTags | String collection | Set of [machine](machine.md) tags.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
new file mode 100644
index 0000000000..e7f398ba33
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@@ -0,0 +1,49 @@
+---
+title: machineAction resource type
+description: Retrieves top recent machineActions.
+keywords: apis, supported apis, get, machineaction, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# MachineAction resource type
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Method|Return Type |Description
+:---|:---|:---
+[List MachineActions](get-machineactions-collection.md) | [Machine Action](machineaction.md) | List [Machine Action](machineaction.md) entities.
+[Get MachineAction](get-machineaction-object.md) | [Machine Action](machineaction.md) | Get a single [Machine Action](machineaction.md) entity.
+[Collect investigation package](collect-investigation-package.md) | [Machine Action](machineaction.md) | Collect investigation package from a [machine](machine.md).
+[Get investigation package SAS URI](get-package-sas-uri.md) | [Machine Action](machineaction.md) | Get URI for downloading the investigation package.
+[Isolate machine](isolate-machine.md) | [Machine Action](machineaction.md) | Isolate [machine](machine.md) from network.
+[Release machine from isolation](unisolate-machine.md) | [Machine Action](machineaction.md) | Release [machine](machine.md) from Isolation.
+[Restrict app execution](restrict-code-execution.md) | [Machine Action](machineaction.md) | Restrict application execution.
+[Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction.
+[Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable).
+[Offboard machine](offboard-machine-api.md)|[Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP.
+<br>
+
+## Properties
+Property |	Type	|	Description
+:---|:---|:---
+id | Guid | Identity of the [Machine Action](machineaction.md) entity.
+type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
+requestor | String | Identity of the person that executed the action.
+requestorComment | String | Comment that was written when issuing the action.
+status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
+machineId | String | Id of the machine on which the action was executed.
+creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
+lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.
+relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5".
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md b/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md
new file mode 100644
index 0000000000..2e235e713e
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md
@@ -0,0 +1,6 @@
+---
+ms.date: 08/28/2017
+author: zavidor
+---
+>[!Note]
+> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
index c94234e9e1..79720ee3a3 100644
--- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
@@ -1,5 +1,5 @@
 ---
-title: View and organize the Windows Defender ATP machines list
+title: View and organize the Microsoft Defender ATP machines list
 description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the list to enhance investigations.
 keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
 search.product: eADQiWindows 10XVcnh
@@ -18,14 +18,14 @@ ms.topic: article
 ms.date: 09/03/2018
 ---
 
-# View and organize the Windows Defender ATP Machines list
+# View and organize the Microsoft Defender ATP Machines list
 
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
 
 The **Machines list** shows a list of the machines in your network where alerts were generated. By default, the queue displays machines with alerts seen in the last 30 days.  
 
@@ -74,7 +74,7 @@ Filter the list to view specific machines grouped together by the following mach
   - No sensor data
   - Impaired communications
 
-  For more information on how to address issues on misconfigured machines see,  [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+  For more information on how to address issues on misconfigured machines see,  [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 -	**Inactive** – Machines that have completely stopped sending signals for more than 7 days.
 
 
@@ -85,13 +85,13 @@ Filter the list to view specific machines that are well configured or require at
 - **Well configured** - Machines have the Windows Defender security controls well configured. 
 - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
 
-For more information, see [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md).
+For more information, see [View the Secure Score dashboard](secure-score-dashboard.md).
 
 ### Tags
 You can filter the list based on the grouping and tagging that you've added to individual machines. 
 
 
 ## Related topics
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
index 170f773f33..c02a9598e4 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
@@ -1,5 +1,5 @@
 ---
-title: Manage Windows Defender Advanced Threat Protection alerts
+title: Manage Microsoft Defender Advanced Threat Protection alerts
 description: Change the status of alerts, create suppression rules to hide alerts, submit comments, and review change history for individual alerts with the Manage Alert menu.
 keywords: manage alerts, manage, alerts, status, new, in progress, resolved, resolve alerts, suppress, supression, rules, context, history, comments, changes
 search.product: eADQiWindows 10XVcnh
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Manage Windows Defender Advanced Threat Protection alerts
+# Manage Microsoft Defender Advanced Threat Protection alerts
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
 
-Windows Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Security operations dashboard**, and you can access all alerts in the **Alerts queue**.
+Microsoft Defender ATP notifies you of possible malicious events, attributes, and contextual information through alerts. A summary of new alerts is displayed in the **Security operations dashboard**, and you can access all alerts in the **Alerts queue**.
 
 You can manage alerts by selecting an alert in the **Alerts queue** or the **Alerts related to this machine** section of the machine details view.
 
@@ -40,7 +40,7 @@ If an alert is no yet assigned, you can select **Assign to me** to assign the al
 
 
 ## Suppress alerts
-There might be scenarios where you need to suppress alerts from appearing in Windows Defender Security Center. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
+There might be scenarios where you need to suppress alerts from appearing in Microsoft Defender Security Center. Microsoft Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
 
 Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
 
@@ -91,7 +91,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
 2. The list of suppression rules shows all the rules that users in your organization have created.
 
-For more information on managing suppression rules, see [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+For more information on managing suppression rules, see [Manage suppression rules](manage-suppression-rules.md)
 
 ## Change the status of an alert
 
@@ -115,11 +115,11 @@ Added comments instantly appear on the pane.
 
 
 ## Related topics
-- [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
+- [Manage suppression rules](manage-suppression-rules.md)
+- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue ](alerts-queue.md)
+- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
+- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
+- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
+- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)
+- [Investigate a user account in Microsoft Defender ATP](investigate-user.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md b/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md
new file mode 100644
index 0000000000..c852df752c
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md
@@ -0,0 +1,84 @@
+---
+title: Manage allowed/blocked lists
+description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
+keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Manage allowed/blocked lists
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+
+
+Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
+
+On the top navigation you can:
+- Import a list
+- Add an indicator 
+- Customize columns to add or remove columns 
+- Export the entire list in CSV format
+- Select the items to show per page
+- Navigate between pages
+- Apply filters 
+
+## Create an indicator
+1. In the navigation pane, select **Settings** > **Allowed/blocked list**.  
+
+2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: 
+   - File hash
+   - IP address
+   - URLs/Domains
+  
+3. Click **Add indicator**.
+
+4. For each attribute specify the following details:
+   - Indicator - Specify the entity details and define the expiration of the indicator.
+   - Action - Specify the action to be taken and provide a description.
+   - Scope - Define the scope of the machine group.
+    
+5. Review the details in the Summary tab, then click **Save**.
+
+
+>[!NOTE]
+>Blocking IPs, domains, or URLs is currently available on limited preview only.
+>This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforced which is an option that will be generally available soon. 
+>As it is not yet generally available, when Automated investigations finds this indicator during an investigation it will use the allowed/block list as the basis of its decision to automatically remediate (blocked list) or skip (allowed list) the entity.
+
+
+## Manage indicators
+1. In the navigation pane, select **Settings** > **Allowed/blocked list**.  
+
+2. Select the tab of the entity type you'd like to manage.  
+
+3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list.
+
+## Import a list
+You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. 
+
+Download the sample CSV to know the supported column attributes. 
+
+
+## Related topics
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
+
+
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index 3b6362ab90..a96e4fe4a4 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -1,5 +1,5 @@
 ---
-title: Learn about the automated investigations dashboard in Windows Defender Security Center
+title: Learn about the automated investigations dashboard in Microsoft Defender Security Center
 description: View the list of automated investigations, its status, detection source and other details.
 keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, machines, duration, filter export
 search.product: eADQiWindows 10XVcnh
@@ -15,7 +15,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 09/03/2018
 ---
 
 # Learn about the automated investigations dashboard
@@ -161,7 +160,7 @@ This tab is only displayed when an investigation is complete and shows all pendi
 ## Pending actions
 If there are pending actions on an Automated investigation, you'll see a pop up similar to the following image. 
 
-![Image of pending actions](images\atp-pending-actions-notification.png)
+![Image of pending actions](images\pending-actions.png)
 
 When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
 
@@ -196,4 +195,4 @@ From the panel, you can click on the Open investigation page link to see the inv
 You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. 
 
 ## Related topic
-- [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+- [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list.md
index 78b40b3a95..b30f739163 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list.md
@@ -20,11 +20,11 @@ ms.topic: article
 # Manage automation allowed/blocked lists
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
 
 Create a rule to control which entities are automatically incriminated or exonerated during Automated investigations.  
 
@@ -63,6 +63,6 @@ You can define the conditions for when entities are identified as malicious or s
 
 
 ## Related topics
-- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
-- [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+- [Manage automation file uploads](manage-automation-file-uploads.md)
+- [Manage indicators](manage-indicators.md)
+- [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
index e311c292ff..cdf8cabeb1 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
@@ -22,11 +22,11 @@ ms.topic: article
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
 
 Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.
 
@@ -45,5 +45,5 @@ For example, if you add *exe* and *bat* as file or attachment extension names, t
   
 
 ## Related topics
-- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
+- [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
index 370187b6f0..217418bd99 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
@@ -22,11 +22,11 @@ ms.topic: article
 **Applies to:**
 
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
 
 Automation folder exclusions allow you to specify folders that the Automated investigation will skip. 
 
@@ -75,5 +75,5 @@ You can specify the file names that you want to be excluded in a specific direct
 
 
 ## Related topics
-- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
+- [Manage automation file uploads](manage-automation-file-uploads.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
similarity index 52%
rename from windows/security/threat-protection/windows-defender-atp/manage-edr.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
index 38ce9039ff..11c2499489 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-edr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
@@ -25,7 +25,7 @@ Manage the alerts queue, investigate machines in the machines list, take respons
 ## In this section
 Topic | Description 
 :---|:---
-[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Windows Defender Security Center.
-[Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. 
-[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
-[Query data using advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool.
\ No newline at end of file
+[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Microsoft Defender Security Center.
+[Machines list](machines-view-overview.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts. 
+[Take response actions](response-actions.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
+[Query data using advanced hunting](advanced-hunting.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index 8b8fa19749..31fb4bb075 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -1,5 +1,5 @@
 ---
-title: Manage Windows Defender ATP incidents
+title: Manage Microsoft Defender ATP incidents
 description: Manage incidents by assigning it, updating its status, or setting its classification. 
 keywords: incidents, manage, assign, status, classification, true alert, false alert
 search.product: eADQiWindows 10XVcnh
@@ -18,10 +18,10 @@ ms.topic: article
 ms.date: 010/08/2018
 ---
 
-# Manage Windows Defender ATP incidents
+# Manage Microsoft Defender ATP incidents
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress. 
 
@@ -60,4 +60,4 @@ Added comments instantly appear on the pane.
 ## Related topics
 - [Incidents queue](incidents-queue.md)
 - [View and organize the Incidents queue](view-incidents-queue.md)
-- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
+- [Investigate incidents](investigate-incidents.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-atp/manage-indicators.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index db76c00fda..912dd04e24 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -20,28 +20,27 @@ ms.topic: article
 # Manage indicators 
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](prerelease.md)]
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
 
 Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
 
 On the top navigation you can:
+
 - Import a list
-- Add an indicator 
-- Customize columns to add or remove columns 
+- Add an indicator
+- Customize columns to add or remove columns
 - Export the entire list in CSV format
 - Select the items to show per page
 - Navigate between pages
-- Apply filters 
+- Apply filters
 
 ## Create an indicator
-1. In the navigation pane, select **Settings** > **Allowed/blocked list**.  
 
-2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: 
+1. In the navigation pane, select **Settings** > **Indicators**.  
+
+2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities:
    - File hash
    - IP address
    - URLs/Domains
@@ -52,33 +51,29 @@ On the top navigation you can:
    - Indicator - Specify the entity details and define the expiration of the indicator.
    - Action - Specify the action to be taken and provide a description.
    - Scope - Define the scope of the machine group.
-    
+
 5. Review the details in the Summary tab, then click **Save**.
 
 
 >[!NOTE]
 >Blocking IPs, domains, or URLs is currently available on limited preview only.
->This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforced which is an option that will be generally available soon. 
+>This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforced which is an option that will be generally available soon.
 >As it is not yet generally available, when Automated investigations finds this indicator during an investigation it will use the allowed/block list as the basis of its decision to automatically remediate (blocked list) or skip (allowed list) the entity.
 
-
 ## Manage indicators
-1. In the navigation pane, select **Settings** > **Allowed/blocked list**.  
+
+1. In the navigation pane, select **Settings** > **Indicators**.
 
 2. Select the tab of the entity type you'd like to manage.  
 
 3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list.
 
 ## Import a list
-You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. 
-
-Download the sample CSV to know the supported column attributes. 
-
-
-## Related topics
-- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-
 
+You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details.
 
+Download the sample CSV to know the supported column attributes.
 
+## Related topic
 
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
similarity index 73%
rename from windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
index ec47236a66..1d178278d5 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
@@ -1,5 +1,5 @@
 ---
-title: Manage Windows Defender Advanced Threat Protection suppression rules
+title: Manage Microsoft Defender Advanced Threat Protection suppression rules
 description: Manage suppression rules 
 keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off
 search.product: eADQiWindows 10XVcnh
@@ -20,20 +20,18 @@ ms.topic: article
 # Manage suppression rules
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-suppressionrules-abovefoldlink)
-
-There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts).
+There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts.md).
 
 You can view a list of all the suppression rules and manage them in one place. You can also turn an alert suppression rule on or off.
 
 ## Turn a suppression rule on or off
+
 1. In the navigation pane, select **Settings** > **Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
 
-2. Select a rule by clicking on the check-box beside the rule name. 
+2. Select a rule by clicking on the check-box beside the rule name.
 
 3. Click **Turn rule on** or **Turn rule off**.
 
@@ -44,5 +42,5 @@ You can view a list of all the suppression rules and manage them in one place. Y
 2. Click on a rule name. Details of the rule is displayed. You'll see the rule details such as  status, scope, action, number of matching alerts, created by, and date when the rule was created. You can also view associated alerts and the rule conditions.
 
 ## Related topics
-- [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
 
+- [Manage alerts](manage-alerts.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
similarity index 51%
rename from windows/security/threat-protection/windows-defender-atp/management-apis.md
rename to windows/security/threat-protection/microsoft-defender-atp/management-apis.md
index 2fd2dd6083..772e18bacf 100644
--- a/windows/security/threat-protection/windows-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@@ -20,49 +20,49 @@ ms.topic: conceptual
 # Overview of management and APIs 
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mgt-apis-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mgt-apis-abovefoldlink)
 
-Windows Defender ATP supports a wide variety of options to ensure that customers can easily adopt the platform. 
+Microsoft Defender ATP supports a wide variety of options to ensure that customers can easily adopt the platform. 
 
-Acknowledging that customer environments and structures can vary, Windows Defender ATP was created with flexibility and granular control to fit varying customer requirements. 
+Acknowledging that customer environments and structures can vary, Microsoft Defender ATP was created with flexibility and granular control to fit varying customer requirements. 
 
-Machine onboarding is fully integrated into System Center Configuration Manager and Microsoft Intune for client machines and Azure Security Center for server machines, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Windows Defender ATP supports Group Policy and other third-party tools used for machines management.
+Machine onboarding is fully integrated into System Center Configuration Manager and Microsoft Intune for client machines and Azure Security Center for server machines, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for machines management.
 
-Windows Defender ATP provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
+Microsoft Defender ATP provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
 - Globally distributed organizations and security teams
 - Tiered model security operations teams
 - Fully segregated devisions with single centralized global security operations teams 
 
-The Windows Defender ATP solution is built on top of an integration-ready platform:
+The Microsoft Defender ATP solution is built on top of an integration-ready platform:
 - It supports integration with a number of security information and event management (SIEM) solutions and also exposes APIs to fully support pulling all the alerts and detection information into any SIEM solution. 
 - It supports a rich set of application programming interface (APIs) providing flexibility for those who are already heavily invested in data enrichment and automation:
    - Enriching events coming from other security systems with foot print or prevalence information
    - Triggering file or machine level response actions through APIs
-   - Keeping systems in-sync such as importing machine tags from asset management systems into Windows Defender ATP, synchronize alerts and incidents status cross ticketing systems with Windows Defender ATP.
+   - Keeping systems in-sync such as importing machine tags from asset management systems into Microsoft Defender ATP, synchronize alerts and incidents status cross ticketing systems with Microsoft Defender ATP.
 
 An important aspect of machine management is the ability to analyze the environment from varying and broad perspectives. This often helps drive new insights and proper priority identification: 
 - The Secure score dashboard provides metrics based method of prioritizing the most important proactive security measures.
-- Windows Defender ATP includes a built-in PowerBI based reporting solution to quickly review trends and details related to Windows Defender ATP alerts and secure score of  machines. The platform also supports full customization of the reports, including mashing of Windows Defender ATP data with your own data stream to produce business specific reports.
+- Microsoft Defender ATP includes a built-in PowerBI based reporting solution to quickly review trends and details related to Microsoft Defender ATP alerts and secure score of  machines. The platform also supports full customization of the reports, including mashing of Microsoft Defender ATP data with your own data stream to produce business specific reports.
 
 
 ## In this section
 Topic | Description 
 :---|:---
 Understand threat intelligence concepts | Learn about alert definitions, indicators of compromise, and other threat intelligence concepts.
-Supported Windows Defender ATP APIs | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
+Supported Microsoft Defender ATP APIs | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
 Managed security service provider | Get a quick overview on managed security service provider support.
 
 
 
 
 ## Related topics
-- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Windows Defender ATP Public API](use-apis.md)
-- [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-- [Role-based access control](rbac-windows-defender-advanced-threat-protection.md)
+- [Onboard machines](onboard-configure.md)
+- [Enable the custom threat intelligence application](enable-custom-ti.md)
+- [Microsoft Defender ATP Public API](use-apis.md)
+- [Pull alerts to your SIEM tools](configure-siem.md)
+- [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
+- [Role-based access control](rbac.md)
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
rename to windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
index 41f0442d90..78be427db5 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
@@ -1,6 +1,6 @@
 ---
 title: Configure Microsoft Cloud App Security integration 
-description: Learn how to turn on the settings to enable the Windows Defender ATP integration with Microsoft Cloud App Security.
+description: Learn how to turn on the settings to enable the Microsoft Defender ATP integration with Microsoft Cloud App Security.
 keywords: cloud, app, security, settings, integration, discovery, report
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure Microsoft Cloud App Security in Windows Defender ATP
+# Configure Microsoft Cloud App Security in Microsoft Defender ATP
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-
-To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration.
-
+To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration.
 
 >[!NOTE]
 >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
@@ -33,9 +33,8 @@ To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app disc
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
 2. Select **Microsoft Cloud App Security** and switch the toggle to **On**.
 3. Click **Save preferences**.
- 
 
-Once activated, Windows Defender ATP will immediately start forwarding discovery signals to Cloud App Security.
+Once activated, Microsoft Defender ATP will immediately start forwarding discovery signals to Cloud App Security.
 
 ## View the data collected
 
@@ -45,7 +44,7 @@ Once activated, Windows Defender ATP will immediately start forwarding discovery
 
     ![Image of menu to cloud discovery dashboard](images/atp-cloud-discovery-dashboard-menu.png)
 
-3. Select **Win10 Endpoint Users report**, which contains the data coming from Windows Defender ATP.
+3. Select **Win10 Endpoint Users report**, which contains the data coming from Microsoft Defender ATP.
 
     ![Win10 endpoint users](./images/win10-endpoint-users.png)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
similarity index 58%
rename from windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
rename to windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
index 0edfd423b9..d5549ce952 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
@@ -1,6 +1,6 @@
 ---
 title: Microsoft Cloud App Security integration overview
-description: Windows Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage
+description: Microsoft Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage
 keywords: cloud, app, networking, visibility, usage
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -18,9 +18,9 @@ ms.topic: conceptual
 ms.date: 10/18/2018
 ---
 
-# Microsoft Cloud App Security in Windows Defender ATP overview
+# Microsoft Cloud App Security in Microsoft Defender ATP overview
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -29,17 +29,17 @@ Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution th
 >[!NOTE]
 >This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later.
 
-## Windows Defender ATP and Cloud App Security integration 
+## Microsoft Defender ATP and Cloud App Security integration 
 
-Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Windows Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
+Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Microsoft Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage. The monitoring functionality is built into the device, providing complete coverage of network activity.
 
 The integration provides the following major improvements to the existing Cloud App Security discovery: 
 
 - Available everywhere - Since the network activity is collected directly from the endpoint, it's available wherever the device is, on or off corporate network, as it's no longer depended on traffic routed through the enterprise firewall or proxy servers. 
 
-- Works out of the box, no configuration required - Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Windows Defender ATP and Cloud App Security integration, there's no configuration required. Just switch it on in Windows Defender Security Center settings and you're good to go. 
+- Works out of the box, no configuration required - Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Microsoft Defender ATP and Cloud App Security integration, there's no configuration required. Just switch it on in Microsoft Defender Security Center settings and you're good to go. 
 
-- Device context - Cloud traffic logs lack device context. Windows Defender ATP network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it. 
+- Device context - Cloud traffic logs lack device context. Microsoft Defender ATP network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it. 
 
 For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).
 
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
similarity index 54%
rename from windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index 14c491a3cf..aac7917bca 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -1,8 +1,8 @@
 ---
-title: Windows Defender Advanced Threat Protection
-description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
-keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection
-search.product: Windows 10
+title: Microsoft Defender Advanced Threat Protection
+description: Microsoft Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
+keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection
+search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -17,18 +17,18 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Windows Defender Advanced Threat Protection
+# Microsoft Defender Advanced Threat Protection
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink)
 >
 >For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy).
 
-Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
+Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
 
-Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
+Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
 -   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
-    collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
+    collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
 
 
 -   **Cloud security analytics**: Leveraging big-data, machine-learning, and
@@ -39,12 +39,12 @@ Windows Defender ATP uses the following combination of technology built into Win
 
 -   **Threat intelligence**: Generated by Microsoft hunters, security teams,
     and augmented by threat intelligence provided by partners, threat
-    intelligence enables Windows Defender ATP to identify attacker
+    intelligence enables Microsoft Defender ATP to identify attacker
     tools, techniques, and procedures, and generate alerts when these
     are observed in collected sensor data.
 
 
-<center><h2>Windows Defender ATP</center></h2>
+<center><h2>Microsoft Defender ATP</center></h2>
 <table>
 <tr>
 <td><a href="#tvm"><center><img src="images/TVM_icon.png"> <br><b>Threat & Vulnerability Management</b></center></a></td>
@@ -67,8 +67,8 @@ Windows Defender ATP uses the following combination of technology built into Win
 
 
 >[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+>- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
 <a name="tvm"></a>
 
@@ -83,7 +83,7 @@ The attack surface reduction set of capabilities provide the first line of defen
 <a name="ngp"></a>
 
 **[Next generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)**<br>
-To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
+To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
 
 <a name="edr"></a>
 
@@ -93,40 +93,40 @@ You can also do advanced hunting to create custom threat intelligence and use a
 
 <a name="ai"></a>
 
-**[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)**<br>
-In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+**[Automated investigation and remediation](automated-investigations.md)**<br>
+In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
 
 <a name="ss"></a>
 
-**[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)**<br>
-Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
+**[Secure score](overview-secure-score.md)**<br>
+Microsoft Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
 
 <a name="mte"></a>
 
 **[Microsoft Threat Experts](microsoft-threat-experts.md)**<br>
-Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
+Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
 
 <a name="apis"></a>
 
 **[Management and APIs](management-apis.md)**<br>
-Integrate Windows Defender Advanced Threat Protection into your existing workflows.
+Integrate Microsoft Defender Advanced Threat Protection into your existing workflows.
 
 <a name="mtp"></a>
 
 **[Microsoft Threat Protection](threat-protection-integration.md)** <br>
- Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.
+ Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.
 
 
 
 ## In this section
-To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. 
+To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Microsoft Defender Security Center. 
 
 Topic | Description
 :---|:---
-[Overview](overview.md) | Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform. 
-[Get started](get-started.md) | Learn about the requirements of the platform and the initial steps you need to take to get started with Windows Defender ATP.
-[Configure and manage capabilities](onboard.md)| Configure and manage the individual capabilities in Windows Defender ATP. 
-[Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md) | Learn how to address issues that you might encounter while using the platform.
+[Overview](overview.md) | Understand the concepts behind the capabilities in Microsoft Defender ATP so you take full advantage of the complete threat protection platform. 
+[Get started](get-started.md) | Learn about the requirements of the platform and the initial steps you need to take to get started with Microsoft Defender ATP.
+[Configure and manage capabilities](onboard.md)| Configure and manage the individual capabilities in Microsoft Defender ATP. 
+[Troubleshoot Microsoft Defender ATP](troubleshoot-mdatp.md) | Learn how to address issues that you might encounter while using the platform.
 
 ## Related topic
-[Windows Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats)
+[Microsoft Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
new file mode 100644
index 0000000000..a2319405b5
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
@@ -0,0 +1,38 @@
+---
+title: Microsoft Defender Security Center
+description: Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection.
+keywords: windows, defender, security, center, defender, advanced, threat, protection
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Microsoft Defender Security Center
+
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
+
+## In this section
+
+Topic | Description
+:---|:---
+Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
+[Onboard machines](onboard-configure.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
+[Understand the portal](use.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
+Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
+API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Microsoft Defender Security Center.
+Reporting | Create and build Power BI reports using Microsoft Defender ATP data.
+Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
+[Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
+[Access the Microsoft Defender ATP Community Center](community.md) | Access the Microsoft Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot service issues](troubleshoot-mdatp.md) | This section addresses issues that might arise as you use the Microsoft Defender Advanced Threat service.
+
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
similarity index 69%
rename from windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md
rename to windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index 8d0b702f6c..df943f147c 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -1,6 +1,6 @@
 ---
 title: Microsoft Threat Experts 
-description: Microsoft Threat Experts is the new managed threat hunting service in Windows Defender Advanced Threat Protection (Windows Defender ATP) that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. 
+description: Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. 
 keywords: managed threat hunting service, managed threat hunting, MTE, Microsoft Threat Experts
 search.product: Windows 10
 search.appverid: met150
@@ -15,15 +15,15 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 02/28/2019
 ---
 
 # Microsoft Threat Experts
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
+
 Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
   
 This new capability provides expert-driven insights and data through targeted attack notification and access to experts on demand. 
@@ -39,7 +39,8 @@ Microsoft Threat Experts provides proactive hunting for the most important threa
 >[!NOTE]
 >The Microsoft Threat Experts' experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. 
 
-Customers can engage our security experts directly from within Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand the complex threats affecting your organization, from alert inquiries, potentially compromised machines, root cause of a suspicious network connection, to additional threat intelligence regarding ongoing advanced persistent threat campaigns. With this capability, you can: 
+Customers can engage our security experts directly from within Microsoft Defender Security Center for timely and accurate response. Experts provide insights needed to better understand the complex threats affecting your organization, from alert inquiries, potentially compromised machines, root cause of a suspicious network connection, to additional threat intelligence regarding ongoing advanced persistent threat campaigns. With this capability, you can:
+
 - Get additional clarification on alerts including root cause or scope of the incident 
 - Gain clarity into suspicious machine behavior and next steps if faced with an advanced attacker  
 - Determine risk and protection regarding threat actors, campaigns, or emerging attacker techniques 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
new file mode 100644
index 0000000000..b9112f5c8c
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -0,0 +1,50 @@
+---
+title: Minimum requirements for Microsoft Defender ATP
+description: Understand the licensing requirements and requirements for onboarding machines to the sercvie
+keywords: minimum requirements, licensing, comparison table
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Minimum requirements for Microsoft Defender ATP
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+There are some minimum requirements for onboarding machines to the service.
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
+
+
+>[!TIP]
+>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+>- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+
+## Licensing requirements
+Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+
+- Windows 10 Enterprise E5
+- Windows 10 Education E5
+- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
+
+For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare).
+
+For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559).
+
+For more information about licensing requirements for Microsoft Defender ATP platform on Windows Server, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114).
+
+
+## Related topic
+- [Validate licensing and complete setup](licensing.md)
+- [Onboard machines](onboard-configure.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
similarity index 62%
rename from windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
index ee2aca23c7..35519d3909 100644
--- a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
@@ -1,6 +1,6 @@
 ---
 title: Managed security service provider (MSSP) support
-description: Understand how Windows Defender ATP integrates with managed security service providers (MSSP)
+description: Understand how Microsoft Defender ATP integrates with managed security service providers (MSSP)
 keywords: mssp, integration, managed, security, service, provider
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -20,27 +20,27 @@ ms.topic: conceptual
 # Managed security service provider support
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
 
 
 
 Security is recognized as a key component in running an enterprise, however some organizations might not have the capacity or expertise to have a dedicated security operations team to manage the security of their endpoints and network, others may want to have a second set of eyes to review alerts in their network.
 
 
-To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Windows Defender ATP. 
+To address this demand, managed security service providers (MSSP) offer to deliver managed detection and response (MDR) services on top of Microsoft Defender ATP. 
 
 
-Windows Defender ATP adds support for this scenario and to allow MSSPs to take the following actions:
+Microsoft Defender ATP adds support for this scenario and to allow MSSPs to take the following actions:
 
-- Get access to MSSP customer's Windows Defender Security Center portal
+- Get access to MSSP customer's Microsoft Defender Security Center portal
 - Get email notifications, and 
 - Fetch alerts through security information and event management (SIEM) tools
 
 
 ## Related topic
-- [Configure managed security service provider integration](configure-mssp-support-windows-defender-advanced-threat-protection.md)
+- [Configure managed security service provider integration](configure-mssp-support.md)
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md
rename to windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
index b49c5af6ec..5e7141c4fd 100644
--- a/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@@ -17,15 +17,17 @@ ms.topic: article
 ---
 
 # Offboard machine API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Offboard machine from Windows Defender ATP.
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Offboard machine from Microsoft Defender ATP.
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,7 +37,7 @@ Delegated (work or school account) |	Machine.Offboard |	'Offboard machine'
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to 'Global Admin' AD role
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -57,7 +59,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -66,7 +68,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
new file mode 100644
index 0000000000..66a4fdedf6
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -0,0 +1,44 @@
+---
+title: Offboard machines from the Microsoft Defender ATP service
+description: Onboard Windows 10 machines, servers, non-Windows machines from the Microsoft Defender ATP service
+keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Offboard machines from the Microsoft Defender ATP service
+
+**Applies to:**
+- macOS
+- Linux
+- Windows Server 2012 R2
+- Windows Server 2016
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
+
+Follow the corresponding instructions depending on your preferred deployment method.
+
+## Offboard Windows 10 machines
+  - [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script)
+  - [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy)
+  - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
+  - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
+
+## Offboard Servers
+  - [Offboard servers](configure-server-endpoints.md#offboard-servers)
+
+## Offboard non-Windows machines
+  - [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines)
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
similarity index 51%
rename from windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
index 59fad5bda4..ad3404e068 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
@@ -1,5 +1,5 @@
 ---
-title: Onboard machines to the Windows Defender ATP service
+title: Onboard machines to the Microsoft Defender ATP service
 description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test.
 keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
 search.product: eADQiWindows 10XVcnh
@@ -17,21 +17,21 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Onboard machines to the Windows Defender ATP service
+# Onboard machines to the Microsoft Defender ATP service
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-You need to turn on the sensor to give visibility within Windows Defender ATP.
+You need to turn on the sensor to give visibility within Microsoft Defender ATP.
 
-For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
+For more information, see [Onboard your Windows 10 machines to Microsoft Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
 
 [!include[Prerelease information](prerelease.md)]
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
 
 ## Licensing requirements
-Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
 
   -	Windows 10 Enterprise E5
   -	Windows 10 Education E5
@@ -58,7 +58,7 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
 
 Machines on your network must be running one of these editions.
 
-The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions.
+The hardware requirements for Microsoft Defender ATP on machines is the same as those for the supported editions.
 
 > [!NOTE]
 > Machines that are running mobile versions of Windows are not supported.
@@ -69,15 +69,15 @@ The hardware requirements for Windows Defender ATP on machines is the same as th
 -  Linux
 
 >[!NOTE]
->You'll need to know the exact Linux distros and macOS versions that are compatible with Windows Defender ATP for the integration to work. 
+>You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. 
 
 
 ### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
+When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
 
 > [!NOTE]
 > -   You cannot change your data storage location after the first-time setup.
-> -   Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
+> -   Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
 
 <span id="telemetry-and-diagnostics-settings" />
 ### Diagnostic data settings
@@ -131,40 +131,40 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
 #### Internet connectivity
 Internet connectivity on machines is required either directly or through proxy.
 
-The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
+The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth.
 
-For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
+For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md) .
 
 Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
 
 
 ## Windows Defender Antivirus configuration requirement
-The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
+The Microsoft Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
 
-You must configure Security intelligence updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
 
-When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
+When Windows Defender Antivirus is not the active antimalware in your organization and you use the Microsoft Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Microsoft Defender ATP must be excluded from this group policy.
 
-If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
+If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints.md).
 
 
 For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 
 ## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
+If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Microsoft Defender ATP agent will successfully onboard.
 
-If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
+If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
 
 
 ## In this section
 Topic | Description
 :---|:---
-[Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP. 
-[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
-[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP 
-[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
-[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
-[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
-[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
+[Onboard previous versions of Windows](onboard-downlevel.md)| Onboard Windows 7 and Windows 8.1 machines to Microsoft Defender ATP. 
+[Onboard Windows 10 machines](configure-endpoints.md) | You'll need to onboard machines for it to report to the Microsoft Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
+[Onboard servers](configure-server-endpoints.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP 
+[Onboard non-Windows machines](configure-endpoints-non-windows.md) | Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
+[Run a detection test on a newly onboarded machine](run-detection-test.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Microsoft Defender ATP service.
+[Configure proxy and Internet settings](configure-proxy-internet.md)| Enable communication with the Microsoft Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
+[Troubleshoot onboarding issues](troubleshoot-onboarding.md) | Learn about resolving issues that might arise during onboarding.
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index 700436d636..9e5d1c75b1 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -1,6 +1,6 @@
 ---
-title: Onboard previous versions of Windows on Windows Defender ATP
-description: Onboard supported previous versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor
+title: Onboard previous versions of Windows on Microsoft Defender ATP
+description: Onboard supported previous versions of Windows machines so that they can send sensor data to the Microsoft Defender ATP sensor
 keywords: onboard, windows, 7, 81, oms, sp1, enterprise, pro, down level
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -25,35 +25,35 @@ ms.topic: article
 - Windows 7 SP1 Pro
 - Windows 8.1 Pro
 - Windows 8.1 Enterprise
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevel-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevel-abovefoldlink)
 
-Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
+Microsoft Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
 
 >[!IMPORTANT]
->This capability is currently in preview. You'll need to turn on the preview features to take advantage of this feature. For more information, see [Preview features](preview-windows-defender-advanced-threat-protection.md).
+>This capability is currently in preview. You'll need to turn on the preview features to take advantage of this feature. For more information, see [Preview features](preview.md).
 
-To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to:
+To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to:
 - Configure and update System Center Endpoint Protection clients.
-- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below.
+- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP as instructed below.
 
 >[!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
 
 ## Configure and update System Center Endpoint Protection clients
 >[!IMPORTANT]
 >This step is required only if your organization uses System Center Endpoint Protection (SCEP).
 
-Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
+Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
 
 The following steps are required to enable this integration: 
 - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) 
 - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
 - Configure your network to allow connections to the Windows Defender Antivirus cloud. For more information, see [Allow connections to the Windows Defender Antivirus cloud](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud)
 
-## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP
+## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP
 
 ### Before you begin
 Review the following details to verify minimum system requirements:
@@ -77,7 +77,7 @@ Review the following details to verify minimum system requirements:
 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
 
 2. Obtain the workspace ID:
-   - In the Windows Defender ATP navigation pane, select **Settings > Machine management > Onboarding**
+   - In the Microsoft Defender ATP navigation pane, select **Settings > Machine management > Onboarding**
    - Select **Windows 7 SP1 and 8.1** as the operating system
    - Copy the workspace ID and workspace key
 
@@ -93,7 +93,7 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
 ### Configure proxy and Internet connectivity settings
  
 - Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway).
-- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
+- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Microsoft Defender ATP service:
 
 Agent Resource    |    Ports 
 :---|:---
@@ -110,9 +110,9 @@ Agent Resource    |    Ports
 
 
 ## Offboard client endpoints
-To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Windows Defender ATP. 
+To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Microsoft Defender ATP. 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevele-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevele-belowfoldlink)
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
similarity index 67%
rename from windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md
rename to windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
index 9d6532688d..004df78a51 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
@@ -1,6 +1,6 @@
 ---
-title: Onboard machines without Internet access to Windows Defender ATP
-description: Onboard machines without Internet access so that they can send sensor data to the Windows Defender ATP sensor
+title: Onboard machines without Internet access to Microsoft Defender ATP
+description: Onboard machines without Internet access so that they can send sensor data to the Microsoft Defender ATP sensor
 keywords: onboard, servers, vm, on-premise, oms gateway, log analytics, azure log analytics, mma
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,19 +17,18 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Onboard machines without Internet access to Windows Defender ATP 
+# Onboard machines without Internet access to Microsoft Defender ATP 
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 To onboard machines without Internet access, you'll need to take the following general steps:
 
-
 ## On-premise machines
 
 - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
   - [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
-  - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints-windows-defender-advanced-threat-protection.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-windows-defender-atp) point to Microsoft Defender ATP Workspace key & ID
+  - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) point to Microsoft Defender ATP Workspace key & ID
 
 - Offline machines in the same network of Azure Log Analytics
   -  Configure MMA to point to:
@@ -41,13 +40,13 @@ To onboard machines without Internet access, you'll need to take the following g
 
     - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
       - [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
-      - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints-windows-defender-advanced-threat-protection.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-windows-defender-atp) point to Microsoft Defender ATP Workspace key & ID
+      - [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) point to Microsoft Defender ATP Workspace key & ID
     - Offline Azure VMs in the same network of OMS Gateway
       - Configure Azure Log Analytics IP as a proxy
       - Azure Log Analytics Workspace Key & ID
 
     - Azure Security Center (ASC)
       - [Security Policy \> Log Analytics Workspace](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
-      - [Threat Detection \> Allow Windows Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
+      - [Threat Detection \> Allow Microsoft Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
 
         For more information, see [Working with security policies](https://docs.microsoft.com/azure/security-center/tutorial-security-policy).
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
similarity index 60%
rename from windows/security/threat-protection/windows-defender-atp/onboard.md
rename to windows/security/threat-protection/microsoft-defender-atp/onboard.md
index 33c43ec774..b6f9eb3bb2 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
@@ -1,6 +1,6 @@
 ---
-title: Configure and manage Windows Defender ATP capabilities
-description: Configure and manage Windows Defender ATP capabilities such as attack surface reduction, next generation protection, and security controls 
+title: Configure and manage Microsoft Defender ATP capabilities
+description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, next generation protection, and security controls 
 keywords: configure, manage, capabilities, attack surface reduction, next generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,12 +17,12 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Configure and manage Windows Defender ATP capabilities
+# Configure and manage Microsoft Defender ATP capabilities
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization. 
+Configure and manage all the Microsoft Defender ATP capabilities to get the best security protection for your organization. 
 
 
 ## In this section 
@@ -30,11 +30,11 @@ Topic | Description
 :---|:---
 [Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) |  By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
 [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
-[Configure Secure score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.
+[Configure Secure score dashboard security controls](secure-score-dashboard.md) | Configure the security controls in Secure score to increase the security posture of your organization.
 [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
-Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Windows Defender ATP.
+Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Microsoft Defender ATP.
 Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. 
-[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) |  Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
+[Configure Microsoft Defender Security Center settings](preferences-setup.md) |  Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
rename to windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
index e6ea3aed4c..035f98555e 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
@@ -1,6 +1,6 @@
 ---
 title: Overview of attack surface reduction
-description: Learn about the attack surface reduction capability in Windows Defender ATP
+description: Learn about the attack surface reduction capability in Microsoft Defender ATP
 keywords: 
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -20,9 +20,9 @@ ms.topic: conceptual
 # Overview of attack surface reduction
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Attack surface reduction capabilities in Windows Defender ATP helps protect the devices and applications in  your organization from new and emerging threats. 
+Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in  your organization from new and emerging threats. 
 
 | Capability | Description |
 |------------|-------------|
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
similarity index 66%
rename from windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md
rename to windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
index 76fd2d9bd1..6b9462b9f6 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
@@ -20,13 +20,13 @@ ms.topic: conceptual
 
 # Custom detections overview
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-Alerts in Windows Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats.
+Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats.
 
 This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. 
-Custom detections are queries that run periodically every 24 hours and can be configured so that when the query meets the criteria you set, alerts are created and are surfaced in Windows Defender Security Center. These alerts will be treated like any other alert in the system.
+Custom detections are queries that run periodically every 24 hours and can be configured so that when the query meets the criteria you set, alerts are created and are surfaced in Microsoft Defender Security Center. These alerts will be treated like any other alert in the system.
 
 This capability is particularly useful for scenarios when you want to pro-actively prevent threats and be notified quickly of emerging threats.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
new file mode 100644
index 0000000000..1c0a5cd0f6
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -0,0 +1,42 @@
+---
+title: Overview of endpoint detection and response capabilities
+description: Learn about the endpoint detection and response capabilities in Microsoft Defender ATP
+keywords: 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Overview of endpoint detection and response
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
+
+When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
+
+Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
+
+The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
+
+## In this section
+
+Topic | Description
+:---|:---
+[Security operations dashboard](security-operations-dashboard.md) | Explore a high level overview of detections, highlighting where response actions are needed.
+[Incidents queue](incidents-queue.md) | View and organize the incidents queue, and manage and investigate alerts.
+[Alerts queue](alerts-queue.md) | View and organize the machine alerts queue, and manage and investigate alerts.
+[Machines list](machines-view-overview.md) | Investigate machines with generated alerts and search for specific events over time.
+[Take response actions](response-actions.md) | Learn about the available response actions and apply them to machines and files.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
rename to windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
index b86fea8fb4..2c91a25599 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
@@ -18,9 +18,9 @@ ms.date: 09/07/2018
 
 # Hardware-based isolation in Windows 10
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Windows Defender ATP. 
+Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender ATP. 
 
 | Feature | Description |
 |------------|-------------|
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
index 3f92d168af..3d1b55266e 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
@@ -19,9 +19,9 @@ ms.topic: conceptual
 
 # Overview of advanced hunting 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. 
+Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Microsoft Defender Security Center. 
 
 With advanced hunting, you can take advantage of the following capabilities:
 
@@ -33,7 +33,7 @@ With advanced hunting, you can take advantage of the following capabilities:
 ## In this section
 Topic | Description 
 :---|:---
-[Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) | Learn how to use the basic or advanced query examples to search for possible emerging threats in your organization.
+[Query data using Advanced hunting](advanced-hunting.md) | Learn how to use the basic or advanced query examples to search for possible emerging threats in your organization.
 [Custom detections](overview-custom-detections.md)|  With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats.
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md
index bde1e7c9b6..9d743faca2 100644
--- a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md
@@ -1,5 +1,5 @@
 ---
-title: Overview of Secure score in Windows Defender Security Center
+title: Overview of Secure score in Microsoft Defender Security Center
 description: Expand your visibility into the overall security posture of your organization
 keywords: secure score, security controls, improvement opportunities, security score over time, score, posture, baseline
 search.product: eADQiWindows 10XVcnh
@@ -17,9 +17,9 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Overview of Secure score in Windows Defender Security Center
+# Overview of Secure score in Microsoft Defender Security Center
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
 
@@ -47,7 +47,7 @@ The Office 365 Secure Score looks at your settings and activities and compares t
 
 In the example image, the total points for the Windows security controls and Office 365 add up to 602 points. 
 
-You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md).
+You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score.md).
 
 ## Secure score over time
 You can track the progression of your organizational security posture over time using this tile. It displays the overall score in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
@@ -77,5 +77,5 @@ Within the tile, you can click on each control to see the recommended optimizati
 Clicking the link under the Misconfigured machines column opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
 
 ## Related topic
-- [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-- [Threat analytics for Spectre and Meltdown](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [Threat analytics](threat-analytics.md)
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview.md b/windows/security/threat-protection/microsoft-defender-atp/overview.md
new file mode 100644
index 0000000000..0ff326b0fe
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview.md
@@ -0,0 +1,45 @@
+---
+title: Overview of Microsoft Defender ATP 
+description: Understand the concepts behind the capabilities in Microsoft Defender ATP so you take full advantage of the complete threat protection platform
+keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Overview of Microsoft Defender ATP capabilities
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Understand the concepts behind the capabilities in Microsoft Defender ATP so you take full advantage of the complete threat protection platform.
+
+>[!TIP]
+>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+>- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
+
+## In this section
+
+Topic | Description
+:---|:---
+[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) | Reduce organizational vulnerability exposure and increase threat resilience while seamlessly connecting workflows across security stakeholders—security administrators, security operations, and IT administrators in remediating threats.
+[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
+[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Microsoft Defender ATP so you can protect desktops, portable computers, and servers.
+[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Microsoft Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
+[Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
+[Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
+[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
+[Advanced hunting](overview-hunting.md) |  Use a powerful search and query language to create custom queries and detection rules.
+[Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
+[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack. 
+[Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-atp/partner-applications.md
rename to windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index 4f2cd61854..9d200c1bfa 100644
--- a/windows/security/threat-protection/windows-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -20,7 +20,7 @@ ms.topic: conceptual
 # Partner applications in Microsoft Defender ATP 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
@@ -31,7 +31,7 @@ The support for third-party solutions help to further streamline, integrate, and
 Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. 
 
 ## SIEM integration
-Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+Microsoft Defender ATP supports SIEM integration through a variety of methods - specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration.md).
 
 ## Ticketing and IT service management 
 Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
@@ -54,11 +54,4 @@ Microsoft Defender ATP allows you to integrate with such solutions and act on Io
 Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
 
 ## Support for non-Windows platforms
-Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data giving you a unified experience.
-
-
-
-
-
-
-
+Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data giving you a unified experience.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
index d94a65a540..8734d8b92a 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Defender Advanced Threat Protection portal overview
-description: Use Windows Defender Security Center to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
+title: Microsoft Defender Advanced Threat Protection portal overview
+description: Use Microsoft Defender Security Center to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
+keywords: Microsoft Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -17,26 +17,26 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual 
 ---
 
-# Windows Defender Advanced Threat Protection portal overview
+# Microsoft Defender Advanced Threat Protection portal overview
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
 
-Enterprise security teams can use Windows Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
+Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
 
-You can use [Windows Defender Security Center](https://securitycenter.windows.com/) to:
+You can use [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
 - View, sort, and triage alerts from your endpoints
 - Search for more information on observed indicators such as files and IP Addresses
-- Change Windows Defender ATP settings, including time zone and review licensing information.
+- Change Microsoft Defender ATP settings, including time zone and review licensing information.
 
-## Windows Defender Security Center
+## Microsoft Defender Security Center
 When you open the portal, you’ll see the main areas of the application:
 
- ![Windows Defender Advanced Threat Protection portal](images/dashboard.png)
+ ![Microsoft Defender Advanced Threat Protection portal](images/dashboard.png)
 
 - (1) Navigation pane
 - (2) Main portal
@@ -55,18 +55,18 @@ Area | Description
 **Alerts** | View alerts generated from machines in your organizations.
 **Automated investigations** | Displays a list of automated investigations that's been conducted in the network, the status of each investigation and other details such as when the investigation started and the duration of the investigation.
 **Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool.
-**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
+**Machines list** | Displays the list of machines that are onboarded to Microsoft Defender ATP, some information about them, and the corresponding number of alerts.
 **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
 **Settings** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure Score dashboard.
 **(2) Main portal** | Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
-**(3) Community center, Time settings,  Help and support, Feedback** | **Community center** -Access the Community center to learn, collaborate, and share experiences about the product. </br></br>  **Time settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br></br>  **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.</br></br> **Feedback** - Access the feedback button to provide comments about the portal. 
+**(3) Community center, Time settings,  Help and support, Feedback** | **Community center** -Access the Community center to learn, collaborate, and share experiences about the product. </br></br>  **Time settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br></br>  **Help and support** - Gives you access to the Microsoft Defender ATP guide, Microsoft support, and Premier support.</br></br> **Feedback** - Access the feedback button to provide comments about the portal. 
 
-## Windows Defender ATP icons
+## Microsoft Defender ATP icons
 The following table provides information on the icons used all throughout the portal:
 
 Icon | Description
 :---|:---
-![ATP logo icon](images\atp-logo-icon.png)| Windows Defender ATP logo
+![ATP logo icon](images\atp-logo-icon.png)| Microsoft Defender ATP logo
 ![Alert icon](images\alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks.
 ![Detection icon](images\detection-icon.png)| Detection – Indication of a malware threat detection.
 ![Active threat icon](images\active-threat-icon.png)| Active threat – Threats actively executing at the time of detection.
@@ -112,7 +112,7 @@ Icon | Description
 ![Recommendation insights icon](images\tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights
 
 ## Related topics
-- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
-- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [Understand the Microsoft Defender Advanced Threat Protection portal](use.md)
+- [View the Security operations dashboard](security-operations-dashboard.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index 82d437d18a..53cae96485 100644
--- a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -19,14 +19,14 @@ ms.topic: article
 # Submit or Update Indicator API
 
 **Applies to:** 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 >[!Note]
 > Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
 
 
-- Submits or Updates new [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+- Submits or Updates new [Indicator](ti-indicator.md) entity.
 
 
 ## Permissions
@@ -43,7 +43,7 @@ Application |	Ti.ReadWrite.All |	'Read and write All Indicators'
 POST https://api.securitycenter.windows.com/api/indicators
 ```
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 
 ## Request headers
@@ -58,7 +58,7 @@ In the request body, supply a JSON object with the following parameters:
 
 Parameter |	Type	| Description
 :---|:---|:---
-indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
+indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity. **Required**
 indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
 action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
 title | String | Indicator alert title. **Optional**
@@ -69,7 +69,7 @@ recommendedActions | String | TI indicator alert recommended actions. **Optional
 
 
 ## Response
-- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
+- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator.md) entity in the response body.
 - If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit an Indicator that conflicts with an existing Indicator type or Action.  
 
 ## Example
diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md
similarity index 63%
rename from windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md
index c38db1be9d..36e77e0ea1 100644
--- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md
@@ -1,6 +1,6 @@
 ---
-title: Create and build Power BI reports using Windows Defender ATP data
-description: Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
+title: Create and build Power BI reports using Microsoft Defender ATP data
+description: Get security insights by creating and building Power BI dashboards using data from Microsoft Defender ATP and other data sources.
 keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,10 +17,10 @@ ms.topic: article
 ---
 
 
-# Create and build Power BI reports using Windows Defender ATP data
+# Create and build Power BI reports using Microsoft Defender ATP data
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 [!include[Prerelease information](prerelease.md)]
@@ -28,11 +28,11 @@ ms.topic: article
 >[!TIP]
 >Go to **Advanced features** in the **Settings** page to turn on the preview features.
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-powerbireports-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-powerbireports-abovefoldlink) 
 
-Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI. 
+Understand the security status of your organization, including the status of machines, alerts, and investigations using the Microsoft Defender ATP reporting feature that integrates with Power BI. 
 
-Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
+Microsoft Defender ATP supports the use of Power BI data connectors to enable you to connect and access Microsoft Defender ATP data using Microsoft Graph.
 
 Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization. 
 
@@ -40,10 +40,10 @@ You can easily get started by:
 - Creating a dashboard on the Power BI service 
 - Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization 
 
-You can access these options from Windows Defender Security Center. Both the Power BI service and Power BI Desktop are supported. 
+You can access these options from Microsoft Defender Security Center. Both the Power BI service and Power BI Desktop are supported. 
 
-## Create a Windows Defender ATP dashboard on Power BI service
-Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
+## Create a Microsoft Defender ATP dashboard on Power BI service
+Microsoft Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
 
 1. In the navigation pane, select **Settings** > **Power BI reports**.
 
@@ -65,11 +65,11 @@ Windows Defender ATP makes it easy to create a Power BI dashboard by providing a
 
     ![Image of Power BI authentication method](images/atp-powerbi-extension.png)
 
-4. Click **Sign in**. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+4. Click **Sign in**. If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
 
       ![Consent image](images/atp-powerbi-accept.png)
 
-5. Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
+5. Click **Accept**. Power BI service will start downloading your Microsoft Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
 
     ![Image of importing data](images/atp-powerbi-importing.png)
     
@@ -95,9 +95,9 @@ For more information, see [Create a Power BI dashboard from a report](https://po
 
     ![Image of Microsoft AppSource to get data](images/atp-get-data.png)
 
-4. In the AppSource window, select **Apps** and search for Windows Defender Advanced Threat Protection.
+4. In the AppSource window, select **Apps** and search for Microsoft Defender Advanced Threat Protection.
 
-    ![Image of AppSource to get Windows Defender ATP](images/atp-appsource.png)
+    ![Image of AppSource to get Microsoft Defender ATP](images/atp-appsource.png)
 
 5. Click **Get it now**.
 
@@ -108,11 +108,11 @@ For more information, see [Create a Power BI dashboard from a report](https://po
 
     ![Image of Power BI authentication method](images/atp-powerbi-extension.png)
 
-7. Click **Sign in**. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+7. Click **Sign in**. If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
 
       ![Consent image](images/atp-powerbi-accept.png)
 
-8.	Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
+8.	Click **Accept**. Power BI service will start downloading your Microsoft Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
 
     ![Image of importing data](images/atp-powerbi-importing.png)
     
@@ -126,13 +126,13 @@ For more information, see [Create a Power BI dashboard from a report](https://po
 9. Click **View dataset** to explore your data.
 
 
-## Build a custom Windows Defender ATP dashboard in Power BI Desktop
+## Build a custom Microsoft Defender ATP dashboard in Power BI Desktop
 You can create a custom dashboard in Power BI Desktop to create visualizations that cater to the specific views that your organization requires.  
 
 ### Before you begin
 1.	Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/).
 
-2.	In the Windows Defender Security Center navigation pane, select **Settings** > **Power BI reports**.
+2.	In the Microsoft Defender Security Center navigation pane, select **Settings** > **Power BI reports**.
 
     ![Image of settings Power BI reports](images/atp-settings-powerbi.png)    
 
@@ -157,23 +157,23 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t
     
 9. Restart Power BI Desktop.
 
-## Customize the Windows Defender ATP Power BI dashboard
+## Customize the Microsoft Defender ATP Power BI dashboard
 After completing the steps in the Before you begin section, you can proceed with building your custom dashboard.
 
 1.	Open WDATPPowerBI.pbit from the zip with Power BI Desktop.
 
-2.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+2.	If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, and access your data.
 
     ![Consent image](images/atp-powerbi-consent.png)
 
-3.	Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
+3.	Click **Accept**. Power BI Desktop will start downloading your Microsoft Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
 
 
 
-## Mashup Windows Defender ATP data with other data sources
-You can use Power BI Desktop to analyse data from Windows Defender ATP and mash that data up with other data sources to gain better security perspective in your organization.
+## Mashup Microsoft Defender ATP data with other data sources
+You can use Power BI Desktop to analyse data from Microsoft Defender ATP and mash that data up with other data sources to gain better security perspective in your organization.
 
-1.	In Power BI Desktop, in the Home ribbon, click **Get data** and search for **Windows Defender Advanced Threat Protection**.
+1.	In Power BI Desktop, in the Home ribbon, click **Get data** and search for **Microsoft Defender Advanced Threat Protection**.
 
     ![Get data in Power BI](images/atp-powerbi-get-data.png)
 
@@ -183,13 +183,13 @@ You can use Power BI Desktop to analyse data from Windows Defender ATP and mash
 
     ![Power BI preview connector](images/atp-powerbi-preview.png) 
 
-4.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+4.	If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, and access your data.
 
     ![Consent image](images/atp-powerbi-consent.png)
 
-5.	Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
+5.	Click **Accept**. Power BI Desktop will start downloading your Microsoft Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
 
-6.	In the Navigator dialog box, select the Windows Defender ATP feeds you'd like to download and use in your reports and click Load. Data will start to be downloaded from the Microsoft Graph.
+6.	In the Navigator dialog box, select the Microsoft Defender ATP feeds you'd like to download and use in your reports and click Load. Data will start to be downloaded from the Microsoft Graph.
 
      ![Power BI navigator page](images/atp-powerbi-navigator.png)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md
index 66420af797..23d24eaf40 100644
--- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md
@@ -17,10 +17,10 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# PowerShell code examples for the custom threat intelligence API
+# PowerShell code examples for the custom threat intelligence API (Deprecated)
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
@@ -174,13 +174,13 @@ $ioc =
 
 ```
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-psexample-belowfoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-psexample-belowfoldlink) 
 
 
 ## Related topics
-- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
-- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Understand threat intelligence concepts](threat-indicator-concepts.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
+- [Python code examples for the custom threat intelligence API](python-example-code.md)
+- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
+- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
similarity index 71%
rename from windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
index c868f2a2d3..8fe6ed0a0c 100644
--- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
@@ -1,5 +1,5 @@
 ---
-title: Configure Windows Defender Security Center settings
+title: Configure Microsoft Defender Security Center settings
 description: Use the settings page to configure general settings, permissions, apis, and rules.
 keywords: settings, general settings, permissions, apis, rules
 search.product: eADQiWindows 10XVcnh
@@ -16,12 +16,12 @@ audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ---
-# Configure Windows Defender Security Center settings
+# Configure Microsoft Defender Security Center settings
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
 
 Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/prerelease.md b/windows/security/threat-protection/microsoft-defender-atp/prerelease.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/prerelease.md
rename to windows/security/threat-protection/microsoft-defender-atp/prerelease.md
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
new file mode 100644
index 0000000000..b92d9d416a
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
@@ -0,0 +1,41 @@
+---
+title: Turn on the preview experience in Microsoft Defender ATP
+description: Turn on the preview experience in Microsoft Defender Advanced Threat Protection to try upcoming features.
+keywords: advanced features, settings, block file
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+# Turn on the preview experience in Microsoft Defender ATP
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
+
+Turn on the preview experience setting to be among the first to try upcoming features.
+
+1. In the navigation pane, select **Settings** > **Advanced features**.
+
+    ![Image of settings and preview experience](images/atp-preview-features.png)
+
+
+2. Toggle the setting between **On** and **Off** and select **Save preferences**.
+
+## Related topics
+- [Update general settings in Microsoft Defender ATP](data-retention-settings.md)
+- [Turn on advanced features in Microsoft Defender ATP](advanced-features.md)
+- [Configure email notifications in Microsoft Defender ATP](configure-email-notifications.md)
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [Create and build Power BI reports](powerbi-reports.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
new file mode 100644
index 0000000000..3659e79b88
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -0,0 +1,67 @@
+---
+title: Microsoft Defender ATP preview features
+description: Learn how to access Microsoft Defender Advanced Threat Protection preview features.
+keywords: preview, preview experience, Microsoft Defender Advanced Threat Protection, features, updates
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Microsoft Defender ATP preview features
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) 
+
+Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+
+For more information on capabilities that are generally available or in preview, see [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md).
+
+## Turn on preview features
+You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
+
+Turn on the preview experience setting to be among the first to try upcoming features.
+
+1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**.
+
+2. Toggle the setting between **On** and **Off** and select **Save preferences**.
+
+## Preview features
+The following features are included in the preview release:
+
+- [Live response](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/live-response)<BR> Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats – real-time.
+
+- [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
+
+- [Machine health and compliance report](machine-reports.md)  The machine health and compliance report provides high-level information about the devices in your organization.
+
+- [Information protection](information-protection-in-windows-overview.md)<BR>
+Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
+
+    >[!NOTE]
+    >Partially available from Windows 10, version 1809.
+
+- [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md) <BR> Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender ATP monitored machines.
+
+    >[!NOTE]
+    >Available from Windows 10, version 1809 or later.
+
+- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) <BR> Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.
+
+- [Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) <br>
+Microsoft Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)  
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 22a8c2fd31..35352f18b7 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -1,6 +1,6 @@
 ---
-title: Pull Windows Defender ATP alerts using REST API
-description: Pull alerts from Windows Defender ATP REST API.
+title: Pull Microsoft Defender ATP alerts using REST API
+description: Pull alerts from Microsoft Defender ATP REST API.
 keywords: alerts, pull alerts, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,16 +17,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Pull Windows Defender ATP alerts using SIEM REST API
+# Pull Microsoft Defender ATP alerts using SIEM REST API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
 
-Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts from the portal.
+Microsoft Defender ATP supports the OAuth 2.0 protocol to pull alerts from the portal.
 
 In general, the OAuth 2.0 protocol supports four types of flows:
 - Authorization grant flow
@@ -36,19 +36,19 @@ In general, the OAuth 2.0 protocol supports four types of flows:
 
 For more information about the OAuth specifications, see the [OAuth Website](http://www.oauth.net).
 
-Windows Defender ATP supports the _Authorization grant flow_ and _Client credential flow_ to obtain access to generate alerts from the portal, with Azure Active Directory (AAD) as the authorization server.
+Microsoft Defender ATP supports the _Authorization grant flow_ and _Client credential flow_ to obtain access to generate alerts from the portal, with Azure Active Directory (AAD) as the authorization server.
 
 The _Authorization grant flow_ uses user credentials to get an authorization code, which is then used to obtain an access token.
 
-The _Client credential flow_ uses client credentials to authenticate against the Windows Defender ATP endpoint URL. This flow is suitable for scenarios when an OAuth client creates requests to an API that doesn't require user credentials.
+The _Client credential flow_ uses client credentials to authenticate against the Microsoft Defender ATP endpoint URL. This flow is suitable for scenarios when an OAuth client creates requests to an API that doesn't require user credentials.
 
-Use the following method in the Windows Defender ATP API to pull alerts in JSON format.
+Use the following method in the Microsoft Defender ATP API to pull alerts in JSON format.
 
 >[!NOTE]
->Windows Defender Security Center merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering. 
+>Microsoft Defender Security Center merges similar alert detections into a single alert. This API pulls alert detections in its raw form based on the query parameters you set, enabling you to apply your own grouping and filtering. 
 
 ## Before you begin
-- Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+- Before calling the Microsoft Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md).
 
 - Take note of the following values in your Azure application registration. You need these values to configure the OAuth flow in your service or daemon app:
   - Application ID (unique to your application)
@@ -59,7 +59,7 @@ Use the following method in the Windows Defender ATP API to pull alerts in JSON
 ## Get an access token
 Before creating calls to the endpoint, you'll need to get an access token.
 
-You'll use the access token to access the protected resource, which are alerts in Windows Defender ATP.
+You'll use the access token to access the protected resource, which are alerts in Microsoft Defender ATP.
 
 To get an access token, you'll need to do a POST request to the token issuing endpoint. Here is a sample request:
 
@@ -84,10 +84,10 @@ The response will include an access token and expiry information.
   "access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
 }
 ```
-You can now use the value in the *access_token* field in a request to the Windows Defender ATP API.
+You can now use the value in the *access_token* field in a request to the Microsoft Defender ATP API.
 
 ## Request
-With an access token, your app can make authenticated requests to the Windows Defender ATP API. Your app must append the access token to the Authorization header of each request.
+With an access token, your app can make authenticated requests to the Microsoft Defender ATP API. Your app must append the access token to the Authorization header of each request.
 
 ### Request syntax
 Method | Request URI
@@ -111,7 +111,7 @@ string ago | string | Pulls alerts in the following time range: from `(current_t
 int?limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.<br><br> **NOTE**: When not specified, all alerts available in the time range will be retrieved.
 machinegroups | String | Specifies machine groups to pull alerts from. <br><br> **NOTE**: When not specified, alerts from all machine groups will be retrieved. <br><br> Example: <br><br> ```https://wdatp-alertexporter-eu.securitycenter.windows.com/api/Alerts/?machinegroups=UKMachines&machinegroups=FranceMachines```
 DeviceCreatedMachineTags | string | Single machine tag from the registry.
-CloudCreatedMachineTags | string | Machine tags that were created in Windows Defender Security Center.
+CloudCreatedMachineTags | string | Machine tags that were created in Microsoft Defender Security Center.
 
 ### Request example
 The following example demonstrates how to retrieve all the alerts in your organization.
@@ -161,7 +161,7 @@ Here is an example return value:
 "ThreatName":null,
 "RemediationAction":null,
 "RemediationIsSuccess":null,
-"Source":"Windows Defender ATP",
+"Source":"Microsoft Defender ATP",
 "Md5":null,
 "Sha256":null,
 "WasExecutingWhileDetected":null,
@@ -171,7 +171,7 @@ Here is an example return value:
 
 ## Code examples
 ### Get access token
-The following code example demonstrates how to obtain an access token and call the Windows Defender ATP API.
+The following code example demonstrates how to obtain an access token and call the Microsoft Defender ATP API.
 
 ```syntax
 AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}/oauth2", tenantId));
@@ -193,7 +193,7 @@ Console.WriteLine("Got alert list: {0}", alertsJson);
 
 
 ## Error codes
-The Windows Defender ATP REST API returns the following error codes caused by an invalid request.
+The Microsoft Defender ATP REST API returns the following error codes caused by an invalid request.
 
 HTTP error code | Description
 :---|:---
@@ -202,8 +202,8 @@ HTTP error code | Description
 500 | Error in the service.
 
 ## Related topics
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Configure ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)
+- [Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)
+- [Microsoft Defender ATP alert API fields](api-portal-mapping.md)
+- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/python-example-code.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/python-example-code.md
index c64fd1617c..d0dd4808c2 100644
--- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/python-example-code.md
@@ -17,13 +17,10 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Python code examples for the custom threat intelligence API
+# Python code examples for the custom threat intelligence API (Deprecated)
 
 **Applies to:**
-
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 ## Before you begin
@@ -179,13 +176,13 @@ with requests.Session() as session:
 ```
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pyexample-belowfoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pyexample-belowfoldlink) 
 
 
 ## Related topics
-- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Understand threat intelligence concepts](threat-indicator-concepts.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
+- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
+- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
+- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
similarity index 60%
rename from windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/rbac.md
index 38f1c79ee9..2264afd86c 100644
--- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
@@ -1,5 +1,5 @@
 ---
-title: Use role-based access control to grant fine-grained access to Windows Defender Security Center
+title: Use role-based access control to grant fine-grained access to Microsoft Defender Security Center
 description: Create roles and groups within your security operations to grant access to the portal.
 keywords: rbac, role, based, access, control, groups, control, tier, aad
 search.product: eADQiWindows 10XVcnh
@@ -21,9 +21,9 @@ ms.topic: article
 **Applies to:**
 - Azure Active Directory
 - Office 365
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink)
 
 
 Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the  portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. 
@@ -36,13 +36,13 @@ Tier 1 | **Local security operations team / IT team** <br> This team usually tri
 Tier 2 | **Regional security operations team** <br> This team can see all the machines for their region and perform remediation actions.
 Tier 3 | **Global security operations team** <br> This team consists of security experts and are authorized to see and perform all actions from the portal.
 
-Windows Defender ATP RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, machines they can access, and actions they can take. The RBAC framework is centered around the following controls:
+Microsoft Defender ATP RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, machines they can access, and actions they can take. The RBAC framework is centered around the following controls:
 
 - **Control who can take specific action**
-  - Create custom roles and control what Windows Defender ATP capabilities they can access with granularity.
+  - Create custom roles and control what Microsoft Defender ATP capabilities they can access with granularity.
  
 - **Control who can see information on specific machine group or groups**
-  - [Create machine groups](machine-groups-windows-defender-advanced-threat-protection.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific  Azure Active Directory (Azure AD) user group.
+  - [Create machine groups](machine-groups.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific  Azure Active Directory (Azure AD) user group.
 
 To implement role-based access, you'll need to define admin roles, assign corresponding permissions, and assign Azure AD user groups assigned to the roles.
 
@@ -54,20 +54,20 @@ Before using RBAC, it's important that you understand the roles that can grant p
 > [!WARNING]
 > Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Azure AD and that you have your Azure AD groups ready to reduce the risk of being locked out of the portal. 
 
-When you first log in to Windows Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
+When you first log in to Microsoft Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD. 
 
-Someone with a Windows Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments
+Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments
 
 > [!WARNING]
-> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Windows Defender Security Center, therefore, having the right groups ready in Azure AD is important.
+> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Microsoft Defender Security Center, therefore, having the right groups ready in Azure AD is important.
 >
 > **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.** 
 >
->Users with admin permissions are automatically assigned the default built-in Windows Defender ATP global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Windows Defender ATP global administrator role. 
+>Users with admin permissions are automatically assigned the default built-in Microsoft Defender ATP global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Microsoft Defender ATP global administrator role. 
 >
 > After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal. 
 
 
 
 ## Related topic
-- [Create and manage machine groups in Windows Defender ATP](machine-groups-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Create and manage machine groups in Microsoft Defender ATP](machine-groups.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
index 544077f49b..8f41965c48 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@@ -1,5 +1,5 @@
 ---
-title: Take response actions on a file in Windows Defender ATP
+title: Take response actions on a file in Microsoft Defender ATP
 description: Take response actions on file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
 keywords: respond, stop and quarantine, block file, deep analysis
 search.product: eADQiWindows 10XVcnh
@@ -20,11 +20,9 @@ ms.topic: article
 # Take response actions on a file
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responddile-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responddile-abovefoldlink) 
 
 Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center.
 
@@ -102,7 +100,7 @@ You can roll back and remove a file from quarantine if you’ve determined that
   ```
 
 > [!NOTE]
-> Windows Defender ATP will restore all files that were quarantined on this machine in the last 30 days.
+> Microsoft Defender ATP will restore all files that were quarantined on this machine in the last 30 days.
 
 ## Block files in your network
 You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
@@ -199,7 +197,7 @@ Results of deep analysis are matched against threat intelligence and any matches
 
 Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view.
 
-In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
+In the file's page, **Submit for deep analysis** is enabled when the file is available in the Microsoft Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
 
 > [!NOTE]
 > Only files from Windows 10 can be automatically collected.
@@ -207,9 +205,9 @@ In the file's page, **Submit for deep analysis** is enabled when the file is ava
 You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available.
 
 > [!NOTE]
-> Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP.
+> Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Microsoft Defender ATP.
 
-When the sample is collected, Windows Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on machines, communication to IPs, and registry modifications.
+When the sample is collected, Microsoft Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on machines, communication to IPs, and registry modifications.
 
 **Submit files for deep analysis:**
 
@@ -230,7 +228,7 @@ A progress bar is displayed and provides information on the different stages of
 
 ### View deep analysis reports
 
-View the deep analysis report that Windows Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
+View the deep analysis report that Microsoft Defender ATP provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
 
 You can view the comprehensive report that provides details on the following sections:
 
@@ -263,9 +261,9 @@ If you encounter a problem when trying to submit a file, try each of the followi
       Value = 0 – block sample collection
       Value = 1 – allow sample collection
     ```
-5. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md).
+5. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp.md).
 6. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com).
 
 
 ## Related topic
-- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+- [Take response actions on a machine](respond-machine-alerts.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 9d051a1e7e..637441b781 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -1,5 +1,5 @@
 ---
-title: Take response actions on a machine in Windows Defender ATP
+title: Take response actions on a machine in Microsoft Defender ATP
 description: Take response actions on a machine such as isolating machines, collecting an investigation package, managing tags, running av scan, and restricting app execution.
 keywords: respond, isolate, isolate machine, collect investigation package, action center, restrict, manage tags, av scan, restrict app
 search.product: eADQiWindows 10XVcnh
@@ -20,10 +20,10 @@ ms.topic: article
 # Take response actions on a machine
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) 
 
 Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
 
@@ -184,7 +184,7 @@ Depending on the severity of the attack and the sensitivity of the machine, you
 >- Selective isolation is available for machines on Windows 10, version 1709 or later.
 
 
-This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine.
+This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Microsoft Defender ATP service, which continues to monitor the machine.
 
 On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity (a.k.a 'Selective Isolation').
 
@@ -209,7 +209,7 @@ On Windows 10, version 1709 or later, you'll have additional control over the ne
 4. Type a comment and select **Yes, isolate machine** to take action on the machine.
   
     >[!NOTE]
-    >The machine will remain connected to the Windows Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the machine is isolated.
+    >The machine will remain connected to the Microsoft Defender ATP service even if it is isolated from the network. If you've chosen to enable Outlook and Skype for Business communication, then you'll be able to communicate to the user while the machine is isolated.
 
    The Action center shows the submission information:
     ![Image of machine isolation](images/atp-machine-isolation.png)
@@ -249,4 +249,4 @@ All other related details are also shown, for example, submission time, submitti
 ![Image of action center with information](images/atp-action-center-with-info.png)
 
 ## Related topic
-- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
+- [Take response actions on a file](respond-file-alerts.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/response-actions.md
similarity index 58%
rename from windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/response-actions.md
index 6e601dc0fd..36b3d69003 100644
--- a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/response-actions.md
@@ -1,5 +1,5 @@
 ---
-title: Take response actions on files and machines in Windows Defender ATP
+title: Take response actions on files and machines in Microsoft Defender ATP
 description: Take response actions on files and machines by stopping and quarantining files, blocking a file, isolating machines, or collecting an investigation package.
 keywords: respond, stop and quarantine, block file, deep analysis, isolate machine, collect investigation package, action center
 search.product: eADQiWindows 10XVcnh
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Take response actions in Windows Defender ATP
+# Take response actions in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responseactions-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responseactions-abovefoldlink) 
 
 You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization.
 
@@ -35,5 +35,5 @@ You can take response actions on machines and files to quickly respond to detect
 ## In this section
 Topic | Description
 :---|:---
-[Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)| Isolate machines or collect an investigation package.
-[Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network.
+[Take response actions on a machine](respond-machine-alerts.md)| Isolate machines or collect an investigation package.
+[Take response actions on a file](respond-file-alerts.md)| Stop and quarantine files or block a file from your network.
diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
index 671ec7d8fe..d158112673 100644
--- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@@ -17,15 +17,17 @@ ms.topic: article
 ---
 
 # Restrict app execution API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information)
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts.md) for more information)
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -57,7 +59,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -78,7 +80,7 @@ Content-type: application/json
 
 Here is an example of the response.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 HTTP/1.1 201 Created
@@ -98,5 +100,5 @@ Content-type: application/json
 
 ```
 
-To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md).
+To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution.md).
 
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 9d9ea6c85d..14f4788ccd 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -19,10 +19,9 @@ ms.topic: article
 # Advanced hunting API
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting).
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+This API allows you to run programmatic queries that you are used to running from [Microsoft Defender ATP Portal](https://securitycenter.windows.com/hunting).
 
 ## Limitations
 1. You can only run a query on data from the last 30 days
@@ -31,7 +30,7 @@ This API allows you to run programmatic queries that you are used to running fro
 4. The maximal execution time of a single request is 10 minutes.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -41,7 +40,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to have 'View Data' AD role
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -133,18 +132,18 @@ Content-Type: application/json​
 - Error: (403) Forbidden / (401) Unauthorized
 	
 	
-    If you get this error when calling Windows Defender ATP API, your token might not include the necessary permission.
+    If you get this error when calling Microsoft Defender ATP API, your token might not include the necessary permission.
 
 	Check [app permissions](exposed-apis-create-app-webapp.md#validate-the-token) or [delegated permissions](exposed-apis-create-app-nativeapp.md#validate-the-token) included in your token.
 	
     If the 'roles' section in the token does not include the necessary permission: 
 
-	- The necessary permission to your app might not have been granted. For more information, see [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md#create-an-app) or [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md#create-an-app) or,
+	- The necessary permission to your app might not have been granted. For more information, see [Access Microsoft Defender ATP without a user](exposed-apis-create-app-webapp.md#create-an-app) or [Access Microsoft Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md#create-an-app) or,
     - The app was not authorized in the tenant, see [Application consent](exposed-apis-create-app-webapp.md#application-consent).
 
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
-- [Advanced Hunting from Portal](advanced-hunting-windows-defender-advanced-threat-protection.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
+- [Advanced Hunting from Portal](advanced-hunting.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
 - [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-ms-flow.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-ms-flow.md
index dd2f1dc672..e1d7a5a41b 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-ms-flow.md
@@ -18,7 +18,7 @@ ms.topic: article
 
 # Schedule Advanced Hunting using Microsoft Flow 
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -86,6 +86,6 @@ You can find below the full definition
 ![Image of E2E flow](images/ms-flow-e2e.png)
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md
similarity index 99%
rename from windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md
index 9282b0c321..55075237cb 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md
@@ -131,7 +131,7 @@ If you want to use **user token** instead please refer to [this](run-advanced-qu
 
 ## Related topic
 - [Create custom Power BI reports with user authentication](run-advanced-query-sample-power-bi-user-token.md)
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
 - [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-user-token.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-user-token.md
index 83380bfe20..33c27cd6fa 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-user-token.md
@@ -17,12 +17,13 @@ ms.topic: article
 ---
 
 # Create custom reports using Power BI (user authentication)
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-
 Run advanced queries and show results in Microsoft Power BI. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
 
 In this section we share Power BI query sample to run a query using **user token**.
@@ -112,7 +113,7 @@ You first need to [create an app](exposed-apis-create-app-nativeapp.md).
 
 ## Related topic
 - [Create custom Power BI reports with app authentication](run-advanced-query-sample-power-bi-app-token.md)
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
 - [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
index 487b150df6..18837b317e 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@@ -18,7 +18,7 @@ ms.topic: article
 
 # Advanced Hunting using PowerShell
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
@@ -62,7 +62,7 @@ $aadToken = $response.access_token
 
 where
 - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
+- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
 - $appSecret: Secret of your AAD app
 
 ## Run query
@@ -114,7 +114,7 @@ $results | ConvertTo-Json | Set-Content file1.json
 
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using Python](run-advanced-query-sample-python.md)
 - [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index a80cd077b7..6fc3842443 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -17,8 +17,10 @@ ms.topic: article
 ---
 
 # Advanced Hunting using Python
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
 
@@ -62,7 +64,7 @@ aadToken = jsonResponse["access_token"]
 
 where
 - tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
+- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
 - appSecret: Secret of your AAD app
 
 ## Run query
@@ -141,7 +143,7 @@ outputFile.close()
 
 
 ## Related topic
-- [Windows Defender ATP APIs](apis-intro.md)
+- [Microsoft Defender ATP APIs](apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
 - [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index 95d084af2a..26d3a4d3ec 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -17,15 +17,17 @@ ms.topic: article
 ---
 
 # Run antivirus scan API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Initiate Windows Defender Antivirus scan on a machine.
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) |	Machine.Scan |	'Scan machine'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -87,7 +89,7 @@ Content-type: application/json
 
 Here is an example of the response.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 HTTP/1.1 201 Created
diff --git a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
similarity index 73%
rename from windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 098f8b6720..d9a36f6795 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -1,6 +1,6 @@
 ---
-title: Run a detection test on a newly onboarded Windows Defender ATP machine
-description: Run the detection script on a newly onboarded machine to verify that it is properly onboarded to the Windows Defender ATP service.
+title: Run a detection test on a newly onboarded Microsoft Defender ATP machine
+description: Run the detection script on a newly onboarded machine to verify that it is properly onboarded to the Microsoft Defender ATP service.
 keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, test
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-#  Run a detection test on a newly onboarded Windows Defender ATP machine 
+#  Run a detection test on a newly onboarded Microsoft Defender ATP machine 
 
 **Applies to:**
 - Supported Windows 10 versions
@@ -25,10 +25,10 @@ ms.topic: article
 - Windows Server 2016
 - Windows Server, version 1803
 - Windows Server, 2019
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
+Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Microsoft Defender ATP service.
 
 1. Create a folder:  'C:\test-WDATP-test'.
 2. Open an elevated command-line prompt on the machine and run the script:
@@ -48,5 +48,5 @@ Run the following PowerShell script on a newly onboarded machine to verify that
 The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded machine in approximately 10 minutes.
 
 ## Related topics
-- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Onboard servers](configure-server-endpoints.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md
index d3c9466607..add0504410 100644
--- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md
@@ -18,7 +18,7 @@ ms.topic: article
 
 # Configure the security controls in Secure score
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Each security control lists recommendations that you can take to increase the security posture of your organization.
 
@@ -29,9 +29,9 @@ For an machine to be considered "well configured", it must comply to a minimum b
 >This feature is available for machines on Windows 10, version  1607 or later.
 
 #### Minimum baseline configuration setting for EDR:
-- Windows Defender ATP sensor is on
+- Microsoft Defender ATP sensor is on
 - Data collection is working correctly
-- Communication to Windows Defender ATP service is not impaired
+- Communication to Microsoft Defender ATP service is not impaired
 
 ##### Recommended actions:
 You can take the following actions to increase the overall security score of your organization:
@@ -39,7 +39,7 @@ You can take the following actions to increase the overall security score of you
 - Fix sensor data collection
 - Fix impaired communications
 
-For more  information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). 
+For more  information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md). 
 
 ### Windows Defender Antivirus (Windows Defender AV) optimization
 For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
@@ -81,13 +81,13 @@ This tile shows you the exact number of machines that require the latest securit
 You can take the following actions to increase the overall security score of your organization:
 - Install the latest security updates
 - Fix sensor data collection
-  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 
 For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/help/4027322/windows-windows-update-troubleshooter).
 
 
 ### Windows Defender Exploit Guard (Windows Defender EG) optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on machines so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Windows Defender ATP Machine timeline. 
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on machines so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Microsoft Defender ATP Machine timeline. 
 
 
 >[!IMPORTANT]
@@ -136,7 +136,7 @@ Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DD
 The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
 
 >[!NOTE]
-> Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
+> Audit mode, allows you to see audit events in the Microsoft Defender ATP Machine timeline however it does not block suspicious applications.
 >Consider enabling Controlled Folder Access for better protection.
 
 ##### Recommended actions:
@@ -149,7 +149,7 @@ You can take the following actions to increase the overall security score of you
 For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
 
 ### Windows Defender Application Guard (Windows Defender AG) optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Windows Defender ATP Machine timeline. 
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Microsoft Defender ATP Machine timeline. 
 
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1709 or later.
@@ -179,7 +179,7 @@ For more information, see [Windows Defender Application Guard overview](../windo
 For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
 
 >[!WARNING]
-> Data collected by Windows Defender SmartScreen might be stored and processed outside of the storage location you have selected for your Windows Defender ATP data.
+> Data collected by Windows Defender SmartScreen might be stored and processed outside of the storage location you have selected for your Microsoft Defender ATP data.
 
 
 >[!IMPORTANT]
@@ -228,7 +228,7 @@ You can take the following actions to increase the overall security score of you
 - Secure public profile
 - Verify secure configuration of third-party firewall
 - Fix sensor data collection
-  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 
 For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
 
@@ -250,7 +250,7 @@ You can take the following actions to increase the overall security score of you
 - Resume protection on all drives
 - Ensure drive compatibility
 - Fix sensor data collection
-  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 
 For more information, see [Bitlocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
 
@@ -273,14 +273,14 @@ You can take the following actions to increase the overall security score of you
 - Ensure hardware and software prerequisites are met
 - Turn on Credential Guard 
 - Fix sensor data collection
-  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 
 For more information, see [Manage Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
 
 ## Related topics
-- [Overview of Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
+- [Overview of Secure score](overview-secure-score.md)
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
similarity index 71%
rename from windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
index b152fd4194..5dbaa71b01 100644
--- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
@@ -1,5 +1,5 @@
 ---
-title: Windows Defender Security Center Security operations dashboard
+title: Microsoft Defender Security Center Security operations dashboard
 description: Use the dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
 keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
@@ -17,12 +17,12 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Windows Defender Security Center Security operations dashboard
+# Microsoft Defender Security Center Security operations dashboard
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) 
 
 The **Security operations dashboard** is where the endpoint detection and response capabilities are surfaced. It provides a high level overview of where detections were seen and highlights where response actions are needed. 
 
@@ -54,9 +54,9 @@ You can view the overall number of active alerts from the last 30 days in your n
 
 Each group is further sub-categorized into their corresponding alert severity levels. Click the number of alerts inside each alert ring to see a sorted view of that category's queue (**New** or **In progress**).
 
-For more information see, [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
+For more information see, [Alerts overview](alerts-queue.md).
 
-Each row includes an alert severity category and a short description of the alert. You can click an alert to see its detailed view. For more information see,  [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
+Each row includes an alert severity category and a short description of the alert. You can click an alert to see its detailed view. For more information see,  [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md) and [Alerts overview](alerts-queue.md).
 
 
 
@@ -65,28 +65,28 @@ This tile shows you a list of machines with the highest number of active alerts.
 
 ![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/machines-at-risk-tile.png)
 
-Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
+Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Microsoft Defender Advanced Threat Protection Machines list](investigate-machines.md).
 
-You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
+You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Microsoft Defender Advanced Threat Protection Machines list](investigate-machines.md).
 
 ## Sensor health
-The **Sensor health** tile provides information on the individual machine’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
+The **Sensor health** tile provides information on the individual machine’s ability to provide sensor data to the Microsoft Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
 
 ![Sensor health tile](images/atp-tile-sensor-health.png)
 
 There are two status indicators that provide information on the number of machines that are not reporting properly to the service:
--	**Misconfigured** – These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected.
-- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
+-	**Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected.
+- **Inactive** - Machines that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month.
 
 
-When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
+When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor state](check-sensor-status.md) and [Investigate machines](investigate-machines.md).
 
 ## Service health
 The **Service health** tile informs you if the service is active or if there are issues.
 
 ![The Service health tile shows an overall indicator of the service](images/status-tile.png)
 
-For more information on the service health, see [Check the Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md).
+For more information on the service health, see [Check the Microsoft Defender ATP service health](service-status.md).
 
 
 ## Daily machines reporting
@@ -114,7 +114,7 @@ The tile shows you a list of user accounts with the most active alerts and the n
 
 ![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png)
 
-Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
+Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user.md).
 
 ## Suspicious activities
 This tile shows audit events based on detections from various security components.
@@ -123,11 +123,11 @@ This tile shows audit events based on detections from various security component
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink)
 
 ## Related topics
-- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
-- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
-- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [Understand the Microsoft Defender Advanced Threat Protection portal](use.md)
+- [Portal overview](portal-overview.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)
 
diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
similarity index 70%
rename from windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/service-status.md
index 6d64ca2629..afa8a14d4f 100644
--- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
@@ -1,6 +1,6 @@
 ---
-title: Check the Windows Defender ATP service health
-description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved.
+title: Check the Microsoft Defender ATP service health
+description: Check Microsoft Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved.
 keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Check the Windows Defender Advanced Threat Protection service health
+# Check the Microsoft Defender Advanced Threat Protection service health
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink)
 
 The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time.
 
@@ -38,7 +38,7 @@ The **Service health** details page has the following tabs:
 - **Status history**
 
 ## Current status
-The **Current status** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
+The **Current status** tab shows the current state of the Microsoft Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
 
 - Date and time for when the issue was detected
 - A short description of the issue
@@ -56,4 +56,4 @@ When an issue is resolved, it gets recorded in the **Status history** tab.
 The **Status history** tab reflects all the historical issues that were seen and resolved. You'll see details of the resolved issues along with the other information that were included while it was being resolved.
 
 ### Related topic
-- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
index b64296d1c8..7c6a862b92 100644
--- a/windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@@ -17,16 +17,17 @@ ms.topic: article
 ---
 
 # Stop and quarantine file API
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Stop execution of a file on a machine and delete it.
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +36,8 @@ Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quara
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -59,7 +60,7 @@ Comment |	String |	Comment to associate with the action. **Required**.
 Sha1 |	String	 | Sha1 of the file to stop and quarantine on the machine. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -81,7 +82,7 @@ Content-type: application/json
 
 Here is an example of the response.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 HTTP/1.1 201 Created
diff --git a/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
index cdcdf40b44..c77fa63c0f 100644
--- a/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
@@ -1,6 +1,6 @@
 ---
-title: Supported Windows Defender Advanced Threat Protection response APIs  
-description: Learn about the specific response related Windows Defender Advanced Threat Protection API calls. 
+title: Supported Microsoft Defender Advanced Threat Protection response APIs  
+description: Learn about the specific response related Microsoft Defender Advanced Threat Protection API calls. 
 keywords: response apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,13 +17,13 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Supported Windows Defender ATP query APIs 
+# Supported Microsoft Defender ATP query APIs 
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) 
 
 Learn about the supported response related API calls you can run and details such as the required request headers, and expected response from the calls.
 
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-atp/threat-analytics.md
rename to windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
index 4fe07149cf..8cf55e1e84 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
@@ -1,5 +1,5 @@
 ---
-title: Windows Defender Advanced Threat Protection Threat analytics
+title: Microsoft Defender Advanced Threat Protection Threat analytics
 description: Get a tailored organizational risk evaluation and actionable steps you can take to minimize risks in your organization.
 keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status 
 search.product: eADQiWindows 10XVcnh
@@ -19,12 +19,12 @@ ms.topic: article
 
 # Threat analytics 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats. 
 
-Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help you the assess impact of threats in your environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
+Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help you the assess impact of threats in your environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
  
 
 >[!NOTE]
@@ -63,6 +63,3 @@ The **Mitigation status** and **Mitigation status over time** shows the endpoint
 >The Unavailable category indicates that there is no data available from the specific machine yet. 
 
 
-## Related topics
-- [Threat analytics for Spectre and Meltdown](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
rename to windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
similarity index 61%
rename from windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
index 005f30d3e8..7b758a94bc 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
@@ -1,6 +1,6 @@
 ---
-title: Understand threat intelligence concepts in Windows Defender ATP
-description: Create custom threat alerts for your organization and learn the concepts around threat intelligence in Windows Defender Advanced Threat Protection.
+title: Understand threat intelligence concepts in Microsoft Defender ATP
+description: Create custom threat alerts for your organization and learn the concepts around threat intelligence in Microsoft Defender Advanced Threat Protection.
 keywords: threat intelligence, alert definitions, indicators of compromise, ioc
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -20,15 +20,15 @@ ms.topic: conceptual
 # Understand threat intelligence concepts
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink) 
 
 Advanced cybersecurity attacks comprise of multiple complex malicious events, attributes, and contextual information. Identifying and deciding which of these activities qualify as suspicious can be a challenging task. Your knowledge of known attributes and abnormal activities specific to your industry is fundamental in knowing when to call an observed behavior as suspicious.
 
-With Windows Defender ATP, you can create custom threat alerts that can help you keep track of possible attack activities in your organization. You can flag suspicious events to piece together clues and possibly stop an attack chain. These custom threat alerts will only appear in your organization and will flag events that you set it to track.
+With Microsoft Defender ATP, you can create custom threat alerts that can help you keep track of possible attack activities in your organization. You can flag suspicious events to piece together clues and possibly stop an attack chain. These custom threat alerts will only appear in your organization and will flag events that you set it to track.
 
 Before creating custom threat alerts, it's important to know the concepts behind alert definitions and indicators of compromise (IOCs) and the relationship between them.
 
@@ -39,9 +39,9 @@ Alert definitions are contextual attributes that can be used collectively to ide
 IOCs are individually-known malicious events that indicate that a network or machine has already been breached. Unlike alert definitions, these indicators are considered as evidence of a breach. They are often seen after an attack has already been carried out and the objective has been reached, such as exfiltration. Keeping track of IOCs is also important during forensic investigations. Although it might not provide the ability to intervene with an attack chain, gathering these indicators can be useful in creating better defenses for possible future attacks.
 
 ## Relationship between alert definitions and IOCs
-In the context of Windows Defender ATP, alert definitions are containers for IOCs and defines the alert, including the metadata that is raised in case of a specific IOC match. Various metadata is provided as part of the alert definitions. Metadata such as alert definition name of attack, severity, and description is provided along with other options. For more information on available metadata options, see [Threat Intelligence API metadata](custom-ti-api-windows-defender-advanced-threat-protection.md#threat-intelligence-api-metadata).
+In the context of Microsoft Defender ATP, alert definitions are containers for IOCs and defines the alert, including the metadata that is raised in case of a specific IOC match. Various metadata is provided as part of the alert definitions. Metadata such as alert definition name of attack, severity, and description is provided along with other options. For more information on available metadata options, see [Threat Intelligence API metadata](custom-ti-api.md#threat-intelligence-api-metadata).
 
-Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Windows Defender ATP console.
+Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Microsoft Defender ATP console.
 
 Here is an example of an IOC:
   - Type: Sha1
@@ -51,9 +51,9 @@ Here is an example of an IOC:
 IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
 
 ## Related topics
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
-- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
+- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
+- [Python code examples for the custom threat intelligence API](python-example-code.md)
+- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
+- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
similarity index 60%
rename from windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
rename to windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
index 54a2033aa8..1c97445131 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
@@ -1,5 +1,5 @@
 ---
-title: Windows Defender ATP in Microsoft Threat Protection
+title: Microsoft Defender ATP in Microsoft Threat Protection
 description: Learn about the capabilities within the Microsoft Threat Protection 
 keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security
 search.product: eADQiWindows 10XVcnh
@@ -21,9 +21,9 @@ ms.topic: conceptual
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
+Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.
 
 For more information on Microsoft Threat Protection, see [Announcing Microsoft Threat Protection](https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Announcing-Microsoft-Threat-Protection/ba-p/262783).
 
@@ -32,23 +32,23 @@ Microsoft's multiple layers of threat protection across data, applications, devi
 Each layer in the threat protection stack plays a critical role in protecting customers. The deep integration between these layers results in better protected customers.
 
 ## Azure Advanced Threat Protection (Azure ATP)
- Suspicious activities are processes running under a user context. The integration between Windows Defender ATP and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities. 
+ Suspicious activities are processes running under a user context. The integration between Microsoft Defender ATP and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities. 
 
 ## Azure Security Center
-Windows Defender ATP provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
+Microsoft Defender ATP provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
 
 ## Azure Information Protection
 Keep sensitive data secure while enabling productivity in the workplace through data data discovery and data protection.
 
 ## Conditional access
-Windows Defender ATP's dynamic machine risk score is integrated into the conditional access evaluation, ensuring that only secure devices have access to resources. 
+Microsoft Defender ATP's dynamic machine risk score is integrated into the conditional access evaluation, ensuring that only secure devices have access to resources. 
 
 
 ## Microsoft Cloud App Security
-Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
+Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender ATP monitored machines.
 
 ## Office 365 Advanced Threat Protection (Office 365 ATP)
-[Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Windows Defender ATP enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked. 
+[Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender ATP enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked. 
 
 ## Skype for Business
 The Skype for Business integration provides s a way for analysts to communicate with a potentially compromised user or device owner through ao simple button from the portal.
@@ -56,7 +56,7 @@ The Skype for Business integration provides s a way for analysts to communicate
 
 
 ## Related topic
-- [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
+- [Protect users, data, and devices with conditional access](conditional-access.md)
 
 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
index c95bd47a62..b7440c607e 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
@@ -1,5 +1,5 @@
 ---
-title: Threat protection report in Windows Defender ATP
+title: Threat protection report in Microsoft Defender ATP
 description: Track alert detections, categories, and severity using the threat protection report
 keywords: alert detection, source, alert by category, alert severity, alert classification, determination
 search.product: eADQiWindows 10XVcnh
@@ -17,12 +17,11 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Threat protection report in Windows Defender ATP
+# Threat protection report in Microsoft Defender ATP
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-[!include[Prerelease information](prerelease.md)]
 
 The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time.
 
@@ -52,7 +51,7 @@ While the alert trends shows trending alert information, the alert summary shows
 ## Alert attributes
 The report is made up of cards that display the following alert attributes:
 
-- **Detection sources**: shows information about the sensors and detection technologies that provide the data used by Windows Defender ATP to trigger alerts.
+- **Detection sources**: shows information about the sensors and detection technologies that provide the data used by Microsoft Defender ATP to trigger alerts.
 
 - **Threat categories**: shows the types of threat or attack activity that triggered alerts, indicating possible focus areas for your security operations.
 
@@ -79,4 +78,4 @@ For example, to show data about high-severity alerts only:
 3. Select **Apply**. 
 
 ## Related topic
-- [Machine health and compliance report](machine-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Machine health and compliance report](machine-reports.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
similarity index 64%
rename from windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
index f9dd490e81..4d110a041b 100644
--- a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
@@ -17,21 +17,23 @@ ms.topic: article
 ---
 
 # Indicator resource type
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Method|Return Type |Description
 :---|:---|:---
-[List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
-[Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
-[Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+[List Indicators](get-ti-indicators-collection.md) | [Indicator](ti-indicator.md) Collection | List [Indicator](ti-indicator.md) entities.
+[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
+[Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
 
 - See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal: 
 
 # Properties
 Property |	Type	|	Description
 :---|:---|:---
-indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity.
 indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
 title | String | Indicator alert title.
 creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.
diff --git a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
similarity index 56%
rename from windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/time-settings.md
index ea1cc5d2b6..3275739c27 100644
--- a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
@@ -1,5 +1,5 @@
 ---
-title: Windows Defender Security Center time zone settings
+title: Microsoft Defender Security Center time zone settings
 description: Use the menu to configure the time zone and view license information.
 keywords: settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
 search.product: eADQiWindows 10XVcnh
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Windows Defender Security Center time zone settings
+# Microsoft Defender Security Center time zone settings
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-settings-abovefoldlink)
 
 Use the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png) to configure the time zone and view license information.
 
@@ -33,25 +33,25 @@ The aspect of time is important in the assessment and analysis of perceived and
 
 Cyberforensic investigations often rely on time stamps to piece together the sequence of events. It’s important that your system reflects the correct time zone settings.
 
-Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time.
+Microsoft Defender ATP can display either Coordinated Universal Time (UTC) or local time.
 
-Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
+Your current time zone setting is shown in the Microsoft Defender ATP menu. You can change the displayed time zone in the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
 
 ### UTC time zone
-Windows Defender ATP uses UTC time by default.
+Microsoft Defender ATP uses UTC time by default.
 
-Setting the Windows Defender ATP time zone to UTC will display all system timestamps (alerts, events, and others) in UTC for all users. This can help security analysts working in different locations across the globe to use the same time stamps while investigating events.
+Setting the Microsoft Defender ATP time zone to UTC will display all system timestamps (alerts, events, and others) in UTC for all users. This can help security analysts working in different locations across the globe to use the same time stamps while investigating events.
 
 ### Local time zone
-You can choose to have Windows Defender ATP use local time zone settings. All alerts and events will be displayed using your local time zone.
+You can choose to have Microsoft Defender ATP use local time zone settings. All alerts and events will be displayed using your local time zone.
 
-The local time zone is taken from your machine’s regional settings. If you change your regional settings, the Windows Defender ATP time zone will also change. Choosing this setting means that the timestamps displayed in Windows Defender ATP will be aligned to local time for all Windows Defender ATP users. Analysts located in different global locations will now see the Windows Defender ATP alerts according to their regional settings.
+The local time zone is taken from your machine’s regional settings. If you change your regional settings, the Microsoft Defender ATP time zone will also change. Choosing this setting means that the timestamps displayed in Microsoft Defender ATP will be aligned to local time for all Microsoft Defender ATP users. Analysts located in different global locations will now see the Microsoft Defender ATP alerts according to their regional settings.
 
 Choosing to use local time can be useful if the analysts are located in a single location. In this case it might be easier to correlate events to local time, for example – when a local user clicked on a suspicious email link.
 
 ### Set the time zone
-The Windows Defender ATP time zone is set by default to UTC.
-Setting the time zone also changes the times for all Windows Defender ATP views.
+The Microsoft Defender ATP time zone is set by default to UTC.
+Setting the time zone also changes the times for all Microsoft Defender ATP views.
 To set the time zone:
 
 1.	Click the **Time zone** menu ![Time zone settings icon](images/atp-time-zone.png).
@@ -59,7 +59,7 @@ To set the time zone:
 3.	Select **Timezone UTC** or your local time zone, for example -7:00. 
 
 ### Regional settings
-To apply different date formats for Windows Defender ATP, use regional settings for Internet Explorer (IE) and Microsoft Edge (Edge). If you're using another browser such as Google Chrome, follow the required steps to change the time and date settings for that browser. 
+To apply different date formats for Microsoft Defender ATP, use regional settings for Internet Explorer (IE) and Microsoft Edge (Edge). If you're using another browser such as Google Chrome, follow the required steps to change the time and date settings for that browser. 
 
 
 **Internet Explorer (IE) and Microsoft Edge**
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md
similarity index 66%
rename from windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md
index 96753d16e3..159081aa19 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md
@@ -1,6 +1,6 @@
 ---
-title: Troubleshoot custom threat intelligence issues in Windows Defender ATP
-description: Troubleshoot issues that might arise when using the custom threat intelligence feature in Windows Defender ATP.
+title: Troubleshoot custom threat intelligence issues in Microsoft Defender ATP
+description: Troubleshoot issues that might arise when using the custom threat intelligence feature in Microsoft Defender ATP.
 keywords: troubleshoot, custom threat intelligence, custom ti, rest api, api, alert definitions, indicators of compromise
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,10 +17,11 @@ ms.collection: M365-security-compliance
 ms.topic: troubleshooting
 ---
 
-# Troubleshoot custom threat intelligence issues
+# Troubleshoot custom threat intelligence issues (Deprecated)
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You might need to troubleshoot issues while using the custom threat intelligence feature.
 
@@ -47,13 +48,13 @@ If your client secret expires or if you've misplaced the copy provided when you
 7. Copy the value and save it in a safe place.
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootcustomti-belowfoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootcustomti-belowfoldlink) 
 
 
 ## Related topics
-- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
-- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
-- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
-- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Understand threat intelligence concepts](threat-indicator-concepts.md)
+- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
+- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
+- [Python code examples for the custom threat intelligence API](python-example-code.md)
+- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md
similarity index 53%
rename from windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md
index 95c591fbec..3df5dd590d 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md
@@ -1,7 +1,7 @@
 ---
-title:  Troubleshoot Windows Defender Advanced Threat Protection service issues
+title:  Troubleshoot Microsoft Defender Advanced Threat Protection service issues
 description: Find solutions and work arounds to known issues such as server errors when trying to access the service.
-keywords: troubleshoot Windows Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer
+keywords: troubleshoot Microsoft Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -26,7 +26,7 @@ If you encounter a server error when trying to access the service, you’ll need
 Configure your browser to allow cookies.
 
 ## Elements or data missing on the portal
-If some UI elements or data is missing on Windows Defender Security Center it’s possible that proxy settings are blocking it.
+If some UI elements or data is missing on Microsoft Defender Security Center it’s possible that proxy settings are blocking it.
 
 Make sure that `*.securitycenter.windows.com` is included the proxy whitelist.
 
@@ -34,15 +34,15 @@ Make sure that `*.securitycenter.windows.com` is included the proxy whitelist.
 > [!NOTE]
 > You must use the HTTPS protocol when adding the following endpoints.
 
-## Windows Defender ATP service shows event or error logs in the Event Viewer
+## Microsoft Defender ATP service shows event or error logs in the Event Viewer
 
-See the topic [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. The topic also contains troubleshooting steps for event errors.
+See the topic [Review events and errors using Event Viewer](event-error-codes.md) for a list of event IDs that are reported by the Microsoft Defender ATP service. The topic also contains troubleshooting steps for event errors.
 
-## Windows Defender ATP service fails to start after a reboot and shows error 577
+## Microsoft Defender ATP service fails to start after a reboot and shows error 577
 
-If onboarding machines successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
+If onboarding machines successfully completes but Microsoft Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
 
-For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
+For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
 
 ## Known issues with regional formats
 
@@ -62,15 +62,15 @@ The following date and time formats are currently not supported:
 **Use of comma to indicate thousand**<br>
 Support of use of comma as a separator in numbers are not supported. Regions where a number is separated with a comma to indicate a thousand, will only see the use of a dot as a separator. For example, 15,5K is displayed as 15.5K.
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshoot-belowfoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshoot-belowfoldlink)
 
-## Windows Defender ATP tenant was automatically created in Europe
-When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created. The Windows Defender ATP data is stored in Europe by default.
+## Microsoft Defender ATP tenant was automatically created in Europe
+When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
 
 
 
 
 
 ## Related topics
-- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-- [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
+- [Review events and errors using Event Viewer](event-error-codes.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
similarity index 68%
rename from windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
index 4541e327e6..504b2e910d 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
@@ -1,6 +1,6 @@
 ---
 title: Troubleshoot onboarding issues and error messages
-description: Troubleshoot onboarding issues and error message while completing setup of Windows Defender Advanced Threat Protection.
+description: Troubleshoot onboarding issues and error message while completing setup of Microsoft Defender Advanced Threat Protection.
 keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, windows defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -20,19 +20,20 @@ ms.topic: troubleshooting
 # Troubleshoot subscription and portal access issues
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink)
 
 
-This page provides detailed steps to troubleshoot issues that might occur when setting up your Windows Defender ATP service.
+This page provides detailed steps to troubleshoot issues that might occur when setting up your Microsoft Defender ATP service.
 
-If you receive an error message, Windows Defender Security Center will provide a detailed explanation on what the issue is and relevant links will be supplied.
+If you receive an error message, Microsoft Defender Security Center will provide a detailed explanation on what the issue is and relevant links will be supplied.
 
 ## No subscriptions found
 
-If while accessing Windows Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Windows Defender ATP license.
+If while accessing Microsoft Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Microsoft Defender ATP license.
 
 Potential reasons:
 - The Windows E5 and Office E5 licenses are separate licenses.
@@ -40,14 +41,14 @@ Potential reasons:
     - It could be a license provisioning issue.
     - It could be you inadvertently provisioned the license to a different Microsoft AAD than the one used for authentication into the service.
 
-For both cases you should contact Microsoft support at [General Windows Defender ATP Support](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or
+For both cases you should contact Microsoft support at [General Microsoft Defender ATP Support](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or
 [Volume license support](https://www.microsoft.com/licensing/servicecenter/Help/Contact.aspx).
 
 ![Image of no subscriptions found](images\atp-no-subscriptions-found.png)
 
 ## Your subscription has expired
 
-If while accessing Windows Defender Security Center you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date. 
+If while accessing Microsoft Defender Security Center you get a **Your subscription has expired** message, your online service subscription has expired. Microsoft Defender ATP subscription, like any other online service subscription, has an expiration date. 
 
 You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license.
 
@@ -58,7 +59,7 @@ You can choose to renew or extend the license at any point in time. When accessi
 
 ## You are not authorized to access the portal
 
-If you receive a **You are not authorized to access the portal**, be aware that Windows Defender ATP is a security monitoring, incident investigation and response product, and as such, access to it is restricted and controlled by the user.
+If you receive a **You are not authorized to access the portal**, be aware that Microsoft Defender ATP is a security monitoring, incident investigation and response product, and as such, access to it is restricted and controlled by the user.
 For more information see, [**Assign user access to the portal**](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection).
 
 ![Image of not authorized to access portal](images\atp-not-authorized-to-access-portal.png)
@@ -88,4 +89,4 @@ crl.microsoft.com`
 
 
 ## Related topics
-- [Validate licensing provisioning and complete setup for Windows Defender ATP](licensing-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Validate licensing provisioning and complete setup for Microsoft Defender ATP](licensing.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
similarity index 70%
rename from windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
index 38a88cfe19..36fe7db04c 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
@@ -1,312 +1,312 @@
----
-title: Troubleshoot Windows Defender ATP onboarding issues
-description: Troubleshoot issues that might arise during the onboarding of machines or to the Windows Defender ATP service.
-keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: troubleshooting
----
-
-# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-- Windows Server 2012 R2
-- Windows Server 2016
-
-
-
-You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
-This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines.
-
-If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an onboarding or connectivity problem.
-
-## Troubleshoot onboarding when deploying with Group Policy
-Deployment with Group Policy is done by running the onboarding script on the machines.  The Group Policy console does not indicate if the deployment has succeeded or not.
-
-If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script).
-
-If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
-
-## Troubleshoot onboarding issues when deploying with System Center Configuration Manager
-When onboarding machines using the following versions of System Center Configuration Manager:
-- System Center 2012 Configuration Manager
-- System Center 2012 R2 Configuration Manager
-- System Center Configuration Manager (current branch) version 1511
-- System Center Configuration Manager (current branch) version 1602
-
-
-Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the machines. You can track the deployment in the Configuration Manager Console.
-
-If the deployment fails, you can check the output of the script on the machines.
-
-If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
-
-## Troubleshoot onboarding when deploying with a script
-
-**Check the result of the script on the machine**:
-1. Click **Start**, type **Event Viewer**, and press **Enter**.
-
-2. Go to **Windows Logs** > **Application**.
-
-3. Look for an event from **WDATPOnboarding** event source.
-
-If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.
-> [!NOTE]
-> The following event IDs are specific to the onboarding script only.
-
-Event ID | Error Type | Resolution steps
-:---|:---|:---
-5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
-10 | Onboarding data couldn't be written to registry |  Check the permissions on the registry, specifically<br> ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.<br>Verify that the script was ran as an administrator.
-15 |  Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). <br> <br> If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
-15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions.
-30 |  The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-35 |  The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location<br>```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.<br>The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-65 | Insufficient privileges| Run the script again with administrator privileges.
-
-## Troubleshoot onboarding issues using Microsoft Intune
-You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
-
-If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. 
-
-Use the following tables to understand the possible causes of issues while onboarding:
-
-- Microsoft Intune error codes and OMA-URIs table
-- Known issues with non-compliance table
-- Mobile Device Management (MDM) event logs table
-
-If none of the event logs and troubleshooting steps work, download the Local script from the **Machine management** section of the portal, and run it in an elevated command prompt.  
-
-**Microsoft Intune error codes and OMA-URIs**:
-
-
-Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
-:---|:---|:---|:---|:---
-0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-machine-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
- | | | | Onboarding <br> Offboarding <br> SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. <br><br> **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection``` <br> <br> If it doesn't exist, open an elevated command and add the key.
- | | | | SenseIsRunning <br> OnboardingState <br> OrgId |  **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
- || | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional. <br> Server is not supported.
- 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient.  | All |  **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional.
-
-<br>
-**Known issues with non-compliance**
-
-The following table provides information on issues with non-compliance and how you can address the issues.
-
-Case | Symptoms | Possible cause and troubleshooting steps
-:---|:---|:---
-1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already. <br><br> **Troubleshooting steps:** Wait for OOBE to complete.
-2 |  Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. |  **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start. <br><br> **Troubleshooting steps:** The issue should automatically be fixed within 24 hours.
-3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time.
-
-<br>
-**Mobile Device Management (MDM) event logs**
-
-View the MDM event logs to troubleshoot issues that might arise during onboarding:
-
-Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider
-
-Channel name: Admin
-
-ID | Severity | Event description | Troubleshooting steps
-:---|:---|:---|:---
-1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
-
-## Troubleshoot onboarding issues on the machine
-If the deployment tools used does not indicate an error in the onboarding process, but machines are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
-- [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-machine-event-log)
-- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
-- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
-- [Ensure the machine has an Internet connection](#ensure-the-machine-has-an-internet-connection)
-- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
-
-
-### View agent onboarding errors in the machine event log
-
-1. Click **Start**, type **Event Viewer**, and press **Enter**.
-
-2. In the **Event Viewer (Local)** pane, expand **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE**.
-
-  > [!NOTE]
-	> SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP.
-
-3. Select **Operational** to load the log.
-
-4. In the **Action** pane, click **Filter Current log**.
-
-5. On the **Filter** tab, under **Event level:** select **Critical**, **Warning**, and **Error**, and click **OK**.
-
-  ![Image of Event Viewer log filter](images/filter-log.png)
-
-6. Events which can indicate issues will appear in the **Operational** pane. You can attempt to troubleshoot them based on the solutions in the following table:
-
-Event ID | Message | Resolution steps
-:---|:---|:---
-5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection).
-6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md).
-7 |  Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection), then run the entire onboarding process again.
-9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). <br><br>If the event happened during offboarding, contact support.
-10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). <br><br>If the problem persists, contact support.
-15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection).
-17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). If the problem persists, contact support.
-25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.
-27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support.
-29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the machine has Internet access, then run the entire offboarding process again.
-30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender Advanced Threat Protection. Failure code: %1 | Contact support.
-32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine.
-55 | Failed to create the Secure ETW autologger. Failure code: %1	| Reboot the machine.
-63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4	| Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type.
-64 |	Starting stopped external service. Name: %1, exit code: %2 |	Contact support if the event keeps re-appearing.
-68 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3	| Identify what is causing changes in start type. Fix mentioned service start type.
-69 |	The service is stopped. Service name: %1	| Start the mentioned service. Contact support if persists.
-
-<br>
-There are additional components on the machine that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
-
-<span id="ensure-the-diagnostics-service-is-enabled" />
-### Ensure the diagnostic data service is enabled
-If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the machine. The service might have been disabled by other programs or user configuration changes.
-
-First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
-
-### Ensure the service is set to start
-
-**Use the command line to check the Windows 10 diagnostic data service startup type**:
-
-1.  Open an elevated command-line prompt on the machine:
-
-  a.  Click **Start**, type **cmd**, and press **Enter**.
-
-  b.  Right-click **Command prompt** and select **Run as administrator**.
-
-2.  Enter the following command, and press **Enter**:
-
-    ```text
-    sc qc diagtrack
-    ```
-
-    If the service is enabled, then the result should look like the following screenshot:
-
-    ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
-
-    If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
-
-
-**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
-
-1.  Open an elevated command-line prompt on the machine:
-
-  a.  Click **Start**, type **cmd**, and press **Enter**.
-
-  b.  Right-click **Command prompt** and select **Run as administrator**.
-
-2.  Enter the following command, and press **Enter**:
-
-    ```text
-    sc config diagtrack start=auto
-    ```
-
-3.  A success message is displayed. Verify the change by entering the following command, and press **Enter**:
-
-    ```text
-    sc qc diagtrack
-    ```
-
-4. Start the service.
-
-  a. In the command prompt, type the following command and press **Enter**:
-
-  ```text
-  sc start diagtrack
-  ```
-
-### Ensure the machine has an Internet connection
-
-The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
-
-WinHTTP is independent of the Internet browsing proxy settings and other user context applications and must be able to detect the proxy servers that are available in your particular environment.
-
-To ensure that sensor has service connectivity, follow the steps described in the [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls) topic.
-
-If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic.
-
-### Ensure that Windows Defender Antivirus is not disabled by a policy
-**Problem**: The Windows Defender ATP service does not start after onboarding.
-
-**Symptom**: Onboarding successfully completes, but you see error 577 when trying to start the service.
-
-**Solution**: If your machines are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
-
-- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
-
-  - DisableAntiSpyware
-  - DisableAntiVirus
-
-  For example, in Group Policy there should be no entries such as the following values:
-
-  - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
-  - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiVirus"/></Key>```
--  After clearing the policy, run the onboarding steps again.
-
-- You can also check the following registry key values to verify that the policy is disabled:
-
-  1. Open the registry ```key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender```.
-  2. Ensure that the value ```DisableAntiSpyware``` is not present.
-
-    ![Image of registry key for Windows Defender Antivirus](images/atp-disableantispyware-regkey.png)
-
-
-## Troubleshoot onboarding issues on a server
-If you encounter issues while onboarding a server, go through the following verification steps to address possible issues.
-
-- [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-mma)
-- [Ensure that the server proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy)
-
-You might also need to check the following:
-- Check that there is a Windows Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
-
-    ![Image of process view with Windows Defender Advanced Threat Protection Service running](images/atp-task-manager.png)
-
-- Check **Event Viewer** > **Applications and Services Logs** > **Operation Manager** to see if there are any errors.
-
-- In **Services**, check if the **Microsoft Monitoring Agent** is running on the server. For example, 
-
-    ![Image of Services](images/atp-services.png)
-
-- In **Microsoft Monitoring Agent** > **Azure Log Analytics (OMS)**, check the Workspaces and verify that the status is running. 
-
-    ![Image of Microsoft Monitoring Agent Properties](images/atp-mma-properties.png)
-
-- Check to see that machines are reflected in the **Machines list** in the portal. 
-
-
-## Licensing requirements
-Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
-
-  -	Windows 10 Enterprise E5
-  -	Windows 10 Education E5
-  - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
-
-For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootonboarding-belowfoldlink)
-
-
-## Related topics
-- [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
-- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
-- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-
+---
+title: Troubleshoot Microsoft Defender ATP onboarding issues
+description: Troubleshoot issues that might arise during the onboarding of machines or to the Microsoft Defender ATP service.
+keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: troubleshooting
+---
+
+# Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Windows Server 2012 R2
+- Windows Server 2016
+
+
+
+You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues.
+This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines.
+
+If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, it might indicate an onboarding or connectivity problem.
+
+## Troubleshoot onboarding when deploying with Group Policy
+Deployment with Group Policy is done by running the onboarding script on the machines.  The Group Policy console does not indicate if the deployment has succeeded or not.
+
+If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script).
+
+If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
+
+## Troubleshoot onboarding issues when deploying with System Center Configuration Manager
+When onboarding machines using the following versions of System Center Configuration Manager:
+- System Center 2012 Configuration Manager
+- System Center 2012 R2 Configuration Manager
+- System Center Configuration Manager (current branch) version 1511
+- System Center Configuration Manager (current branch) version 1602
+
+
+Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the machines. You can track the deployment in the Configuration Manager Console.
+
+If the deployment fails, you can check the output of the script on the machines.
+
+If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur.
+
+## Troubleshoot onboarding when deploying with a script
+
+**Check the result of the script on the machine**:
+1. Click **Start**, type **Event Viewer**, and press **Enter**.
+
+2. Go to **Windows Logs** > **Application**.
+
+3. Look for an event from **WDATPOnboarding** event source.
+
+If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.
+> [!NOTE]
+> The following event IDs are specific to the onboarding script only.
+
+Event ID | Error Type | Resolution steps
+:---|:---|:---
+5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
+10 | Onboarding data couldn't be written to registry |  Check the permissions on the registry, specifically<br> ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.<br>Verify that the script was ran as an administrator.
+15 |  Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). <br> <br> If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
+15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions.
+30 |  The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md).
+35 |  The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location<br>```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.<br>The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md).
+40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md).
+65 | Insufficient privileges| Run the script again with administrator privileges.
+
+## Troubleshoot onboarding issues using Microsoft Intune
+You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
+
+If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. 
+
+Use the following tables to understand the possible causes of issues while onboarding:
+
+- Microsoft Intune error codes and OMA-URIs table
+- Known issues with non-compliance table
+- Mobile Device Management (MDM) event logs table
+
+If none of the event logs and troubleshooting steps work, download the Local script from the **Machine management** section of the portal, and run it in an elevated command prompt.  
+
+**Microsoft Intune error codes and OMA-URIs**:
+
+
+Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
+:---|:---|:---|:---|:---
+0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-machine-event-log) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+ | | | | Onboarding <br> Offboarding <br> SampleSharing | **Possible cause:** Microsoft Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. <br><br> **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection``` <br> <br> If it doesn't exist, open an elevated command and add the key.
+ | | | | SenseIsRunning <br> OnboardingState <br> OrgId |  **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+ || | | All | **Possible cause:** Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional. <br> Server is not supported.
+ 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient.  | All |  **Possible cause:** Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional.
+
+<br>
+**Known issues with non-compliance**
+
+The following table provides information on issues with non-compliance and how you can address the issues.
+
+Case | Symptoms | Possible cause and troubleshooting steps
+:---|:---|:---
+1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already. <br><br> **Troubleshooting steps:** Wait for OOBE to complete.
+2 |  Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. |  **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start. <br><br> **Troubleshooting steps:** The issue should automatically be fixed within 24 hours.
+3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time.
+
+<br>
+**Mobile Device Management (MDM) event logs**
+
+View the MDM event logs to troubleshoot issues that might arise during onboarding:
+
+Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider
+
+Channel name: Admin
+
+ID | Severity | Event description | Troubleshooting steps
+:---|:---|:---|:---
+1819 | Error | Microsoft Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
+
+## Troubleshoot onboarding issues on the machine
+If the deployment tools used does not indicate an error in the onboarding process, but machines are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Microsoft Defender ATP agent:
+- [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-machine-event-log)
+- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
+- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
+- [Ensure the machine has an Internet connection](#ensure-the-machine-has-an-internet-connection)
+- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
+
+
+### View agent onboarding errors in the machine event log
+
+1. Click **Start**, type **Event Viewer**, and press **Enter**.
+
+2. In the **Event Viewer (Local)** pane, expand **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE**.
+
+  > [!NOTE]
+	> SENSE is the internal name used to refer to the behavioral sensor that powers Microsoft Defender ATP.
+
+3. Select **Operational** to load the log.
+
+4. In the **Action** pane, click **Filter Current log**.
+
+5. On the **Filter** tab, under **Event level:** select **Critical**, **Warning**, and **Error**, and click **OK**.
+
+  ![Image of Event Viewer log filter](images/filter-log.png)
+
+6. Events which can indicate issues will appear in the **Operational** pane. You can attempt to troubleshoot them based on the solutions in the following table:
+
+Event ID | Message | Resolution steps
+:---|:---|:---
+5 | Microsoft Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection).
+6 | Microsoft Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-script.md).
+7 |  Microsoft Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection), then run the entire onboarding process again.
+9 | Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script.md). <br><br>If the event happened during offboarding, contact support.
+10 | Microsoft Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script.md). <br><br>If the problem persists, contact support.
+15 | Microsoft Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the machine has Internet access](#ensure-the-machine-has-an-internet-connection).
+17 | Microsoft Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-script.md). If the problem persists, contact support.
+25 | Microsoft Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.
+27 | Failed to enable Microsoft Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support.
+29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the machine has Internet access, then run the entire offboarding process again.
+30 | Failed to disable $(build.sense.productDisplayName) mode in Microsoft Defender Advanced Threat Protection. Failure code: %1 | Contact support.
+32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine.
+55 | Failed to create the Secure ETW autologger. Failure code: %1	| Reboot the machine.
+63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4	| Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type.
+64 |	Starting stopped external service. Name: %1, exit code: %2 |	Contact support if the event keeps re-appearing.
+68 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3	| Identify what is causing changes in start type. Fix mentioned service start type.
+69 |	The service is stopped. Service name: %1	| Start the mentioned service. Contact support if persists.
+
+<br>
+There are additional components on the machine that the Microsoft Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Microsoft Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
+
+<span id="ensure-the-diagnostics-service-is-enabled" />
+### Ensure the diagnostic data service is enabled
+If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the machine. The service might have been disabled by other programs or user configuration changes.
+
+First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
+
+### Ensure the service is set to start
+
+**Use the command line to check the Windows 10 diagnostic data service startup type**:
+
+1.  Open an elevated command-line prompt on the machine:
+
+  a.  Click **Start**, type **cmd**, and press **Enter**.
+
+  b.  Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command, and press **Enter**:
+
+    ```text
+    sc qc diagtrack
+    ```
+
+    If the service is enabled, then the result should look like the following screenshot:
+
+    ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
+
+    If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
+
+
+**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
+
+1.  Open an elevated command-line prompt on the machine:
+
+  a.  Click **Start**, type **cmd**, and press **Enter**.
+
+  b.  Right-click **Command prompt** and select **Run as administrator**.
+
+2.  Enter the following command, and press **Enter**:
+
+    ```text
+    sc config diagtrack start=auto
+    ```
+
+3.  A success message is displayed. Verify the change by entering the following command, and press **Enter**:
+
+    ```text
+    sc qc diagtrack
+    ```
+
+4. Start the service.
+
+  a. In the command prompt, type the following command and press **Enter**:
+
+  ```text
+  sc start diagtrack
+  ```
+
+### Ensure the machine has an Internet connection
+
+The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
+
+WinHTTP is independent of the Internet browsing proxy settings and other user context applications and must be able to detect the proxy servers that are available in your particular environment.
+
+To ensure that sensor has service connectivity, follow the steps described in the [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls) topic.
+
+If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) topic.
+
+### Ensure that Windows Defender Antivirus is not disabled by a policy
+**Problem**: The Microsoft Defender ATP service does not start after onboarding.
+
+**Symptom**: Onboarding successfully completes, but you see error 577 when trying to start the service.
+
+**Solution**: If your machines are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
+
+- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
+
+  - DisableAntiSpyware
+  - DisableAntiVirus
+
+  For example, in Group Policy there should be no entries such as the following values:
+
+  - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
+  - ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiVirus"/></Key>```
+-  After clearing the policy, run the onboarding steps again.
+
+- You can also check the following registry key values to verify that the policy is disabled:
+
+  1. Open the registry ```key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender```.
+  2. Ensure that the value ```DisableAntiSpyware``` is not present.
+
+    ![Image of registry key for Windows Defender Antivirus](images/atp-disableantispyware-regkey.png)
+
+
+## Troubleshoot onboarding issues on a server
+If you encounter issues while onboarding a server, go through the following verification steps to address possible issues.
+
+- [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints.md#server-mma)
+- [Ensure that the server proxy and Internet connectivity settings are configured properly](configure-server-endpoints.md#server-proxy)
+
+You might also need to check the following:
+- Check that there is a Microsoft Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
+
+    ![Image of process view with Microsoft Defender Advanced Threat Protection Service running](images/atp-task-manager.png)
+
+- Check **Event Viewer** > **Applications and Services Logs** > **Operation Manager** to see if there are any errors.
+
+- In **Services**, check if the **Microsoft Monitoring Agent** is running on the server. For example, 
+
+    ![Image of Services](images/atp-services.png)
+
+- In **Microsoft Monitoring Agent** > **Azure Log Analytics (OMS)**, check the Workspaces and verify that the status is running. 
+
+    ![Image of Microsoft Monitoring Agent Properties](images/atp-mma-properties.png)
+
+- Check to see that machines are reflected in the **Machines list** in the portal. 
+
+
+## Licensing requirements
+Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+
+  -	Windows 10 Enterprise E5
+  -	Windows 10 Education E5
+  - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
+
+For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
+
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootonboarding-belowfoldlink)
+
+
+## Related topics
+- [Troubleshoot Microsoft Defender ATP](troubleshoot-mdatp.md)
+- [Onboard machines](onboard-configure.md)
+- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-wdatp.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-atp/troubleshoot-wdatp.md
rename to windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md
index f0636c3363..800b62bffd 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-wdatp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md
@@ -1,6 +1,6 @@
 ---
-title: Troubleshoot Windows Defender Advanced Threat Protection capabilities
-description: Find solutions to issues on sensor state, service issues, or other Windows Defender ATP capabilities 
+title: Troubleshoot Microsoft Defender Advanced Threat Protection capabilities
+description: Find solutions to issues on sensor state, service issues, or other Microsoft Defender ATP capabilities 
 keywords: troubleshoot, sensor, state, service, issues, attack surface reduction, next generation protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,14 +17,14 @@ ms.collection: M365-security-compliance
 ms.topic: troubleshooting
 ---
 
-#  Troubleshoot Windows Defender Advanced Threat Protection 
+#  Troubleshoot Microsoft Defender Advanced Threat Protection 
 
-Troubleshoot issues that might arise as you use Windows Defender ATP capabilities.
+Troubleshoot issues that might arise as you use Microsoft Defender ATP capabilities.
 
 ## In this section
 Topic | Description 
 :---|:---
-Troubleshoot sensor state | Find solutions for issues related to the Windows Defender ATP sensor
+Troubleshoot sensor state | Find solutions for issues related to the Microsoft Defender ATP sensor
 Troubleshoot service issues | Fix issues related to the Windows Defender Advanced Threat service
 Troubleshoot attack surface reduction | Fix issues related to network protection and attack surface reduction rules
 Troubleshoot next generation protection | If you encounter a problem with antivirus, you can search the tables in this topic to find a matching issue and potential solution
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
similarity index 72%
rename from windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
index a859c2f21b..bd119b7e76 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
@@ -1,6 +1,6 @@
 ---
-title: Troubleshoot SIEM tool integration issues in Windows Defender ATP
-description: Troubleshoot issues that might arise when using SIEM tools with Windows Defender ATP.
+title: Troubleshoot SIEM tool integration issues in Microsoft Defender ATP
+description: Troubleshoot issues that might arise when using SIEM tools with Microsoft Defender ATP.
 keywords: troubleshoot, siem, client secret, secret
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -20,7 +20,7 @@ ms.topic: troubleshooting
 # Troubleshoot SIEM tool integration issues
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 
@@ -76,11 +76,11 @@ If you encounter an error when trying to enable the SIEM connector application,
 
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink) 
 
 ## Related topics
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
+- [Configure ArcSight to pull Microsoft Defender ATP alerts](configure-arcsight.md)
+- [Configure Splunk to pull Microsoft Defender ATP alerts](configure-splunk.md)
+- [Microsoft Defender ATP alert API fields](api-portal-mapping.md)
+- [Pull Microsoft Defender ATP alerts using REST API](pull-alerts-using-rest-api.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md
rename to windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
index bcfc51d9e5..b75141cd42 100644
--- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@@ -18,15 +18,17 @@ ms.topic: article
 ---
 
 # Release machine from isolation API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Undo isolation of a machine.
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -35,8 +37,8 @@ Delegated (work or school account) |	Machine.Isolate |	'Isolate machine'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -59,7 +61,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -68,7 +70,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
@@ -103,5 +105,5 @@ Content-type: application/json
 
 ```
 
-To isolate a machine, see [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
+To isolate a machine, see [Isolate machine](isolate-machine.md).
 
diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
index 24e1453c32..59018d6b33 100644
--- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@@ -17,15 +17,17 @@ ms.topic: article
 ---
 
 # Remove app restriction API
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Enable execution of any application on the machine.
 
 [!include[Machine actions note](machineactionsnote.md)]
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -34,8 +36,8 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -56,7 +58,7 @@ Parameter |	Type	| Description
 Comment |	String | Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -65,7 +67,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution 
@@ -98,4 +100,4 @@ Content-type: application/json
 
 ```
 
-To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md).
\ No newline at end of file
+To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md
rename to windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index 4f1fe6545e..ca069f5c81 100644
--- a/windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -16,14 +16,16 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Update alert 
+# Update alert
+
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Update the properties of an alert entity.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -32,8 +34,8 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
 ```
@@ -60,7 +62,7 @@ determination | String | Specifies the determination of the alert. The property
 
 
 ## Response
-If successful, this method returns 200 OK, and the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found.
+If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found.
 
 
 ## Example
@@ -69,7 +71,7 @@ If successful, this method returns 200 OK, and the [alert](alerts-windows-defend
 
 Here is an example of the request.
 
-[!include[Improve request performance](improverequestperformance-new.md)]
+[!include[Improve request performance](improve-request-performance.md)]
 
 ```
 PATCH https://api.securitycenter.windows.com/api/alerts/121688558380765161_2136280442
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md
new file mode 100644
index 0000000000..6a2ea321b9
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md
@@ -0,0 +1,30 @@
+---
+title: Microsoft Defender ATP APIs
+description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
+keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Microsoft Defender ATP APIs
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+## In this section
+Topic | Description
+:---|:---
+[Microsoft Defender ATP API overview](apis-intro.md) | Learn how to access Microsoft Defender ATP APIs.
+[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about how you can run API calls to individual supported entities, and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts.md), [domain related alerts](get-domain-related-alerts.md), or even actions such as [isolate machine](isolate-machine.md).
+How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md b/windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md
new file mode 100644
index 0000000000..97e6d3e2de
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md
@@ -0,0 +1,45 @@
+---
+title: Use the custom threat intelligence API to create custom alerts
+description: Use the threat intelligence API in Microsoft Defender Advanced Threat Protection to create custom alerts
+keywords: threat intelligence, alert definitions, indicators of compromise
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+ms.date: 04/24/2018
+---
+
+# Use the threat intelligence API to create custom alerts (Deprecated)
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>[!TIP]
+>This topic has been deprecated. See [Indicators](ti-indicator.md) for the updated content.
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) 
+
+Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
+
+You can use the code examples to guide you in creating calls to the custom threat intelligence API.
+
+## In this section
+
+Topic | Description
+:---|:---
+[Understand threat intelligence concepts](threat-indicator-concepts.md) |  Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization.
+[Enable the custom threat intelligence application](enable-custom-ti.md) | Set up the custom threat intelligence application through Microsoft Defender Security Center so that you can create custom threat intelligence (TI) using REST API.
+[Create custom threat intelligence alerts](custom-ti-api.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization.
+[PowerShell code examples](powershell-example-code.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API.
+[Python code examples](python-example-code.md) | Use the Python code examples to guide you in using the custom threat intelligence API.
+[Experiment with custom threat intelligence alerts](experiment-custom-ti.md) | This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
+[Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md) | Learn how to address possible issues you might encounter while using the threat intelligence API.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use.md b/windows/security/threat-protection/microsoft-defender-atp/use.md
new file mode 100644
index 0000000000..5b80236d1c
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/use.md
@@ -0,0 +1,43 @@
+---
+title: Overview of Microsoft Defender Security Center
+description: Learn about the features on Microsoft Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
+keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Overview of Microsoft Defender Security Center
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
+
+Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities.
+
+Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
+
+Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
+
+Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
+
+### In this section
+
+Topic | Description
+:---|:---
+[Portal overview](portal-overview.md) | Understand the portal layout and area descriptions.
+[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP  **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
+[View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify machines for the presence or absence of mitigations.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
similarity index 66%
rename from windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/microsoft-defender-atp/user-roles.md
index ab60042a21..b680c1471d 100644
--- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -20,13 +20,13 @@ ms.topic: article
 # Create and manage roles for role-based access control
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-roles-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-roles-abovefoldlink)
 
 ## Create roles and assign the role to an Azure Active Directory group
-The following steps guide you on how to create roles in Windows Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
+The following steps guide you on how to create roles in Microsoft Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
 
 1.	In the navigation pane, select **Settings > Roles**.
 
@@ -43,9 +43,21 @@ The following steps guide you on how to create roles in Windows Defender Securit
           - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and machine groups.
             
             >[!NOTE]
-            >This setting is only available in the Windows Defender ATP administrator (default) role. 
+            >This setting is only available in the Microsoft Defender ATP administrator (default) role. 
 
 		  - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications.
+
+		  - **Live response capabilities** - Users can take basic or advanced live response commands. <br>
+			- Basic commands allow users to:
+			- Start a live response session
+			- Run read only live response commands on a remote machine 
+			- Advanced commands allow users to:
+			- Run basic actions
+			- Download a file from the remote machine
+			- View a script from the files library
+			- Run a script on the remote machine from the files library take read and write commands. 
+			
+			For more information on the available commands, see [Investigate machines using Live response](live-response.md).
 		  
 4.	Click **Next** to assign the role to an Azure AD group.
 
@@ -77,5 +89,5 @@ After creating roles, you'll need to create a machine group and provide access t
 
 
 ##Related topic
-- [User basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
-- [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [User basic permissions to access the portal](basic-permissions.md)
+- [Create and manage machine groups](machine-groups.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md
new file mode 100644
index 0000000000..78ca770fa9
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/user.md
@@ -0,0 +1,27 @@
+---
+title: File resource type
+description: Retrieves top recent alerts.
+keywords: apis, graph api, supported apis, get, alerts, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# User resource type
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Method|Return Type |Description
+:---|:---|:---
+[List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection |  List all the alerts that are associated with a [user](user.md).
+[List User related machines](get-user-related-machines.md) | [machine](machine.md) collection | List all the machines that were logged on by a [user](user.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
rename to windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
index 10af5a5e7c..fd35fe6c4d 100644
--- a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@@ -17,9 +17,9 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# View and organize the Windows Defender Advanced Threat Protection Incidents queue
+# View and organize the Microsoft Defender Advanced Threat Protection Incidents queue
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
@@ -72,6 +72,6 @@ Use this filter to choose between focusing on incidents flagged as true or false
 
 ## Related topics
 - [Incidents queue](incidents-queue.md)
-- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
-- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
+- [Manage incidents](manage-incidents.md)
+- [Investigate incidents](investigate-incidents.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
new file mode 100644
index 0000000000..aa642d1c55
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -0,0 +1,123 @@
+---
+title: What's new in Microsoft Defender ATP
+description: Lists the new features and functionality in Microsoft Defender ATP
+keywords: what's new in windows defender atp
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: secure
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# What's new in Microsoft Defender ATP
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+The following features are generally available (GA) in the latest release of Microsoft Defender ATP as well as security features in Windows 10 and Windows Server.
+
+
+For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
+
+## May 2019
+
+- [Threat protection reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)<BR>The threat protection report provides high-level information about alerts generated in your organization. 
+
+
+- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.  
+
+- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/ti-indicator) <BR> APIs for indicators are now generally available. 
+
+
+- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications) <BR> Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+
+
+## April 2019
+- [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts#targeted-attack-notification) <BR> Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
+
+- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use-apis) <BR> Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. 
+
+
+
+## February 2019
+- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Microsoft Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats. 
+
+- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows machines so that they can send sensor data to the Microsoft Defender ATP sensor.
+
+
+## October 2018
+- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)<BR>All Attack surface reduction rules are now supported on Windows Server 2019.
+
+- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<BR> Controlled folder access is now supported on Windows Server 2019.
+
+- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)<BR>With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. 
+
+- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)<BR> Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
+
+- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)<BR> Microsoft Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Microsoft Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
+
+- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)<BR>Microsoft Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
+
+- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)<BR> iOS and Android devices are now supported and can be onboarded to the service.
+
+- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)<BR>
+Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
+
+- New in Windows 10 version 1809, there are two new attack surface reduction rules: 
+  -	Block Adobe Reader from creating child processes
+  -	Block Office communication application from creating child processes.
+  
+- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
+    - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
+    - Windows Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security.
+    - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans.
+
+
+  
+## March 2018
+- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <BR>
+Query data using Advanced hunting in Microsoft Defender ATP.
+
+- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)<BR>
+    New attack surface reduction rules: 
+  -	Use advanced protection against ransomware
+  -	Block credential stealing from the Windows local security authority subsystem (lsass.exe)
+  - Block process creations originating from PSExec and WMI commands
+  - Block untrusted and unsigned processes that run from USB
+  - Block executable content from email client and webmail
+
+- [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<BR> Use Automated investigations to investigate and remediate threats.
+
+    >[!NOTE]
+    >Available from Windows 10, version 1803 or later.
+
+- [Conditional access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br> Enable conditional access to better protect users, devices, and data.
+
+- [Microsoft Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)<BR> 
+    The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
+
+- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<BR>
+You can now block untrusted processes from writing to disk sectors using Controlled Folder Access.
+
+- [Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection)<BR>
+    Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
+
+- [Role-based access control (RBAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)<BR>
+    Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal.
+
+
+- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)<BR>
+Windows Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus).
+
+    Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus).
+
+
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index bb4bb74070..12f446cb26 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -103,7 +103,7 @@ Windows Defender Antivirus in Windows 10 uses a multi-pronged approach to improv
 
 For more information, see [Windows Defender in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) and [Windows Defender Overview for Windows Server](https://technet.microsoft.com/windows-server-docs/security/windows-defender/windows-defender-overview-windows-server).
 
-For information about Windows Defender Advanced Threat Protection, a service that helps enterprises to detect, investigate, and respond to advanced and targeted attacks on their networks, see [Windows Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) (resources) and [Windows Defender Advanced Threat Protection (ATP)](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-advanced-threat-protection) (documentation).
+For information about Microsoft Defender Advanced Threat Protection, a service that helps enterprises to detect, investigate, and respond to advanced and targeted attacks on their networks, see [Microsoft Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) (resources) and [Microsoft Defender Advanced Threat Protection (ATP)](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) (documentation).
 
 ### Data Execution Prevention
 
@@ -442,13 +442,13 @@ Examples:
 
 #### EMET-related products
 
-Microsoft Consulting Services (MCS) and Microsoft Support/Premier Field Engineering (PFE) offer a range of options for EMET, support for EMET, and EMET-related reporting and auditing products such as the EMET Enterprise Reporting Service (ERS). For any enterprise customers who use such products today or who are interested in similar capabilities, we recommend evaluating [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) (ATP).
+Microsoft Consulting Services (MCS) and Microsoft Support/Premier Field Engineering (PFE) offer a range of options for EMET, support for EMET, and EMET-related reporting and auditing products such as the EMET Enterprise Reporting Service (ERS). For any enterprise customers who use such products today or who are interested in similar capabilities, we recommend evaluating [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) (ATP).
 
 ## Related topics
 
 - [Security and Assurance in Windows Server 2016](https://technet.microsoft.com/windows-server-docs/security/security-and-assurance)
-- [Windows Defender Advanced Threat Protection (ATP) - resources](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
-- [Windows Defender Advanced Threat Protection (ATP) - documentation](windows-defender-atp/windows-defender-advanced-threat-protection.md)
+- [Microsoft Defender Advanced Threat Protection (ATP) - resources](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
+- [Microsoft Defender Advanced Threat Protection (ATP) - documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection)
 - [Exchange Online Advanced Threat Protection Service Description](https://technet.microsoft.com/library/exchange-online-advanced-threat-protection-service-description.aspx)
 - [Office 365 Advanced Threat Protection](https://products.office.com/en-us/exchange/online-email-threat-protection)
 - [Microsoft Malware Protection Center](https://www.microsoft.com/en-us/security/portal/mmpc/default.aspx)
diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
index 7cd6b91162..95a0914890 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
@@ -38,26 +38,11 @@ Constant: SeIncreaseBasePriorityPrivilege
 
 ### Best practices
 
--   Allow the default value, Administrators and Window Manager/Window Manager Group, as the only accounts responsible for controlling process scheduling priorities.
+-   Retain the default value as the only accounts responsible for controlling process scheduling priorities.
 
 ### Location
 
 Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment
-
-### Default values
-
-By default this setting is Administrators on domain controllers and on stand-alone servers.
-
-The following table lists the actual and effective default policy values. Default values are also listed on the policy’s property page.
-
-| Server type or GPO | Default value |
-| - | - |
-| Default Domain Policy| Not defined| 
-| Default Domain Controller Policy| Not defined| 
-| Stand-Alone Server Default Settings | Administrators and Window Manager/Window Manager Group| 
-| Domain Controller Effective Default Settings | Administrators and Window Manager/Window Manager Group| 
-| Member Server Effective Default Settings | Administrators and Window Manager/Window Manager Group|
-| Client Computer Effective Default Settings | Administrators and Window Manager/Window Manager Group| 
  
 ## Policy management
 
@@ -97,3 +82,4 @@ None. Restricting the **Increase scheduling priority** user right to members of
 ## Related topics
 
 - [User Rights Assignment](user-rights-assignment.md)
+- [Increase scheduling priority for Windows Server 2012 and earlier](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn221960(v%3dws.11))
diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
index 61bd6e91de..d1d493ca47 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index 2d08b48bfe..c27ea9d49d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 12/10/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 12/10/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can perform various Windows Defender Antivirus functions with the dedicated command-line tool mpcmdrun.exe.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
index b2246f6bc2..901c6c4995 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can manage and configure Windows Defender Antivirus with the following tools:
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
index 5714563915..88526a1351 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 10/25/2018
 
@@ -19,7 +19,7 @@ ms.date: 10/25/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 **Use Microsoft Intune to configure scanning options**
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
index ad62a5c02a..6ca524eb64 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@@ -9,30 +9,27 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
-ms.date: 04/29/2019
+ms.date: 05/01/2019
 ---
 
 # Enable block at first sight
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Block at first sight is a feature of next gen protection that provides a way to detect and block new malware within seconds.
 
-It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. You can use group policy settings to confirm the feature is enabled.
+It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. 
 
 You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file.
 
 You can also [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL.
 
-> [!IMPORTANT]
-> There is no specific individual setting in System Center Configuration Manager to enable or disable block at first sight. It is enabled by default when the pre-requisite settings are configured correctly. You must use Group Policy settings to enable or disable the feature.
-
 >[!TIP]
->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
+>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
 
 ## How it works
 
@@ -48,7 +45,7 @@ In many cases, this process can reduce the response time for new malware from ho
 
 ## Confirm and validate that block at first sight is enabled
 
-Block at first sight requires a number of Group Policy settings to be configured correctly or it will not work. These settings are enabled by default in most enterprise Windows Defender Antivirus deployments.
+Block at first sight requires a number of settings to be configured correctly or it will not work. These settings are enabled by default in most enterprise Windows Defender Antivirus deployments.
 
 ### Confirm block at first sight is enabled with Intune
 
@@ -64,6 +61,8 @@ Block at first sight requires a number of Group Policy settings to be configured
    - **Time extension for file scanning by the cloud**: **50**
    - **Prompt users before sample submission**: **Send all data without prompting**
 
+   ![Intune config](images/defender/intune-block-at-first-sight.png)
+
 For more information about configuring Windows Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
 
 For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus).
@@ -123,7 +122,7 @@ Block at first sight is automatically enabled as long as **Cloud-based protectio
 
 1. Open the Windows Security app by clicking the shield icon in the task bar.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Virus & threat protection settings**:
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Manage Settings** under **Virus & threat protection settings**:
 
  ![Screenshot of the Virus & threat protection settings label in the Windows Security app](images/defender/wdav-protection-settings-wdsc.png)
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
index d7ffbcbafd..1db5465f6e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md).
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
index d72265f76a..bc655530db 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can configure how users of the endpoints on your network can interact with Windows Defender Antivirus.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
index 430acbec64..354dd5cf6b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 492af0b7b7..3d0eb6ba8b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 12/10/2018
 ---
@@ -18,7 +18,10 @@ ms.date: 12/10/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+> [!IMPORTANT]
+> [Windows Defender Advanced Threat Protection ](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection) does not adhere to Windows Defender Antivirus exclusion settings. This means that any Windows Defender exclusions, no matter how you created them, are not applied by Windows Defender ATP.
 
 You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
index 9feb4b7840..3670b50c42 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 By default, Windows Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index 71db8e1517..b895c48fac 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 10/08/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 10/08/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers.
 
@@ -27,7 +27,7 @@ This topic lists the connections that must be allowed, such as by using firewall
 See the Enterprise Mobility and Security blog post [Important changes to Microsoft Active Protection Services endpoint](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/) for some details about network connectivity.
 
 >[!TIP]
->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
+>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
 >
 >- Cloud-delivered protection
 >- Fast learning (including block at first sight)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
index 9874e1fe22..4da87e4759 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
index 15f82314e7..0d029074a7 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 12/10/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 12/10/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can exclude files that have been opened by specific processes from Windows Defender Antivirus scans.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
index de47e8d1a8..3c50b7b45c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus uses several methods to provide threat protection:
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
index 84cef362eb..594dcb0971 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 11/13/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 11/13/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
index d09e59a96a..7d76d8a3ca 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
index 64037f0090..c56a79193a 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ---
 
@@ -17,7 +17,7 @@ ms.author: v-anbic
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus on Windows Server 2016 computers automatically enrolls you in certain exclusions, as defined by your specified server role. See [the end of this topic](#list-of-automatic-exclusions) for a list of these exclusions.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
index 862b5513c4..168cab8841 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can configure Windows Defender Antivirus with a number of tools, including:
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
index b719577c49..ee7a843321 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Windows Defender Antivirus scans.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
index 5d587e3b8d..3dee12bfa2 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can deploy, manage, and report on Windows Defender Antivirus in a number of ways.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
index df219115d7..dbdd57f33f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender Antivirus protection.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
index 1bf3ab9c2f..fe13cfa820 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 In addition to standard on-premises or hardware configurations, you can also use Windows Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index 3d7368b36a..1e2938b2f4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: detect
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 10/02/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 10/02/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network.
 
@@ -33,7 +33,7 @@ Typical PUA behavior includes:
 These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.
 
 >[!TIP]
->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
 ## How it works
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 787c9a85ad..a2f69a956b 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 >[!NOTE]
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
index c937715d4a..05165e019c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,12 +18,12 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Use this guide to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications.
 
 >[!TIP]
->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work:
+>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work:
 >- Cloud-delivered protection
 >- Fast learning (including Block at first sight)
 >- Potentially unwanted application blocking
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png
new file mode 100644
index 0000000000..dc000099d3
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/intune-block-at-first-sight.png differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
index 93ef8703d6..36df0b6adf 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -20,7 +20,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
index ce5dd02552..d23ba3dc74 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
index 9a77e63d64..38ca9e9c62 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
index 4f8774109a..29534e1b63 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus lets you determine when it should look for and download updates.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index f05c21e0b5..2b0abfb132 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 <a id="protection-updates"></a>
 <!-- this has been used as anchor in VDI content -->
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
index 99e2c737d9..f9883aa6c4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 There are two types of updates related to keeping Windows Defender Antivirus up to date:
 1. Protection updates
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
index 93a9e45f84..b6b70e86ce 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Mobile devices and VMs may require additional configuration to ensure performance is not impacted by updates.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
new file mode 100644
index 0000000000..5652662325
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
@@ -0,0 +1,120 @@
+---
+title: Installing Microsoft Defender ATP for Mac manually
+description: Describes how to install Microsoft Defender ATP for Mac manually, from the command line.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Manual deployment
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+>[!IMPORTANT]
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+
+## Download installation and onboarding packages
+
+Download the installation and onboarding packages from Windows Defender Security Center:
+
+1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
+3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+
+    ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
+
+5. From a command prompt, verify that you have the two files.
+    Extract the contents of the .zip files:
+  
+    ```bash
+   mavel-macmini:Downloads test$ ls -l
+    total 721152
+    -rw-r--r--  1 test  staff       6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
+    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
+    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+    Archive:  WindowsDefenderATPOnboardingPackage.zip
+    inflating: WindowsDefenderATPOnboarding.py
+    ```
+
+## Application installation
+
+To complete this process, you must have admin privileges on the machine.
+
+1. Navigate to the downloaded wdav.pkg in Finder and open it.
+
+    ![App install screenshot](images/MDATP_28_AppInstall.png)
+
+2. Select **Continue**, agree with the License terms, and enter the password when prompted.
+
+    ![App install screenshot](images/MDATP_29_AppInstallLogin.png)
+
+   > [!IMPORTANT]
+   > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
+
+   ![App install screenshot](images/MDATP_30_SystemExtension.png)
+
+3. Select **Open Security Preferences**  or **Open System Preferences > Security & Privacy**. Select **Allow**:
+
+    ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png)
+
+The installation will proceed.
+
+> [!NOTE]
+> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time.
+
+## Client configuration
+
+1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
+
+    The client machine is not associated with orgId.  Note that the orgid is blank.
+
+    ```bash
+    mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+    uuid  : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
+    orgid :
+    ```
+
+2. Install the configuration file on a client machine:
+
+    ```bash
+    mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
+    Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
+    ```
+
+3. Verify that the machine is now associated with orgId:
+
+    ```bash
+    mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+    uuid  : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
+    orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
+    ```
+
+After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
+
+   ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
new file mode 100644
index 0000000000..15bfabbd53
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
@@ -0,0 +1,170 @@
+---
+title: Installing Microsoft Defender ATP for Mac with Microsoft Intune
+description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Microsoft Intune-based deployment
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+>[!IMPORTANT]
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+
+## Download installation and onboarding packages
+
+Download the installation and onboarding packages from Windows Defender Security Center:
+
+1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
+3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
+
+    ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
+
+6. From a command prompt, verify that you have the three files.
+    Extract the contents of the .zip files:
+
+    ```bash
+    mavel-macmini:Downloads test$ ls -l
+    total 721688
+    -rw-r--r--  1 test  staff     269280 Mar 15 11:25 IntuneAppUtil
+    -rw-r--r--  1 test  staff      11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
+    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
+    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+    Archive:  WindowsDefenderATPOnboardingPackage.zip
+    warning:  WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
+      inflating: intune/kext.xml
+      inflating: intune/WindowsDefenderATPOnboarding.xml
+      inflating: jamf/WindowsDefenderATPOnboarding.plist
+    mavel-macmini:Downloads test$
+    ```
+
+7. Make IntuneAppUtil an executable:
+
+    ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
+
+8. Create the wdav.pkg.intunemac package from wdav.pkg:
+
+    ```bash
+    mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
+    Microsoft Intune Application Utility for Mac OS X
+    Version: 1.0.0.0
+    Copyright 2018 Microsoft Corporation
+
+    Creating intunemac file for /Users/test/Downloads/wdav.pkg
+    Composing the intunemac file output
+    Output written to ./wdav.pkg.intunemac.
+
+    IntuneAppUtil successfully processed "wdav.pkg",
+    to deploy refer to the product documentation.
+    ```
+
+## Client Machine Setup
+
+You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
+
+1. You'll be asked to confirm device management.
+
+![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
+
+Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
+
+![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
+
+2. Select the **Continue** button and complete the enrollment.
+
+You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
+
+3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
+
+![Add Devices screenshot](images/MDATP_5_allDevices.png)
+
+## Create System Configuration profiles
+
+1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
+2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
+3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
+4. Select **OK**.
+
+    ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
+
+5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+6. Repeat these steps with the second profile.  
+7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file.
+8. Select **Manage > Assignments**.  In the Include tab, select **Assign to All Users & All devices**.
+
+After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
+
+![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
+
+## Publish application
+
+1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
+2. Select **App type=Other/Line-of-business app**.
+3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
+4. Select **Configure** and add the required information.
+5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
+
+    ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png)
+
+6. Select **OK** and **Add**.
+
+    ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png)
+
+7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
+
+    ![Client apps screenshot](images/MDATP_10_ClientApps.png)
+
+8. Change **Assignment type=Required**.
+9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
+
+    ![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
+
+10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
+
+    ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
+
+## Verify client machine state
+
+1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences  > Profiles**.
+
+    ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
+    ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
+
+2. Verify the three profiles listed there:
+    ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
+
+3. The **Management Profile** should be the Intune system profile.
+4. wdav-config and wdav-kext are system configuration profiles that we added in Intune.
+5. You should also see the Microsoft Defender icon in the top-right corner:
+
+    ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
new file mode 100644
index 0000000000..d0ad4df2aa
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@@ -0,0 +1,205 @@
+---
+title: Installing Microsoft Defender ATP for Mac with JAMF
+description: Describes how to install Microsoft Defender ATP for Mac, using JAMF.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# JAMF-based deployment
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+>[!IMPORTANT]
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+## Prerequisites and system requirements
+
+Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+
+In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow.
+
+## Download installation and onboarding packages
+
+Download the installation and onboarding packages from Windows Defender Security Center:
+
+1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
+3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
+
+    ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
+
+5. From a command prompt, verify that you have the two files.
+    Extract the contents of the .zip files:
+
+    ```bash
+    mavel-macmini:Downloads test$ ls -l
+    total 721160
+    -rw-r--r--  1 test  staff      11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
+    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
+    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+    Archive:  WindowsDefenderATPOnboardingPackage.zip
+    warning:  WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
+    inflating: intune/kext.xml
+     inflating: intune/WindowsDefenderATPOnboarding.xml
+     inflating: jamf/WindowsDefenderATPOnboarding.plist
+    mavel-macmini:Downloads test$
+    ```
+
+## Create JAMF Policies
+
+You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
+
+### Configuration Profile
+
+The configuration profile contains one custom settings payload that includes:
+
+- Microsoft Defender ATP for Mac onboarding information
+- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
+
+1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
+
+    >[!NOTE]
+    > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
+
+    ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png)
+
+### Approved Kernel Extension
+
+To approve the kernel extension:
+
+1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
+2. Use **UBF8T346G9** for Team Id.
+
+![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
+
+#### Configuration Profile's Scope
+
+Configure the appropriate scope to specify the machines that will receive this configuration profile.
+
+Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers.
+
+![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png)
+
+Save the **Configuration Profile**.
+
+Use the **Logs** tab to monitor deployment status for each enrolled machine.
+
+### Package
+
+1. Create a package in **Settings > Computer Management > Packages**.
+
+    ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png)
+
+2. Upload wdav.pkg to the Distribution Point.
+3. In the **filename** field, enter the name of the package. For example, wdav.pkg.
+
+### Policy
+
+Your policy should contain a single package for Microsoft Defender.
+
+![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png)
+
+Configure the appropriate scope to specify the computers that will receive this policy.
+
+After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
+
+## Client machine setup
+
+You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
+
+> [!NOTE]
+> After a computer is enrolled, it will show up in the Computers inventory (All Computers).
+
+1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
+
+![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png)
+![MDM screenshot](images/MDATP_22_MDMProfileApproved.png)
+
+After some time, the machine's User Approved MDM status will change to Yes.
+
+![MDM status screenshot](images/MDATP_23_MDMStatus.png)
+
+You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
+
+## Deployment
+
+Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
+
+### Status on server
+
+You can monitor the deployment status in the Logs tab:
+
+- **Pending** means that the deployment is scheduled but has not yet happened
+- **Completed** means that the deployment succeeded and is no longer scheduled
+
+![Status on server screenshot](images/MDATP_24_StatusOnServer.png)
+
+### Status on client machine
+
+After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
+
+![Status on client screenshot](images/MDATP_25_StatusOnClient.png)
+
+After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
+
+![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
+
+You can monitor policy installation on a machine by following the JAMF's log file:
+
+```bash
+    mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
+    Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
+    Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
+    Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
+    Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender...
+    Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender.
+    Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches...
+    Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
+```
+
+You can also check the onboarding status:
+
+```bash
+    mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+    uuid            : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
+    orgid           : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
+    orgid managed   : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
+    orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
+```
+
+- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set.
+
+- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed.
+
+## Check onboarding status
+
+You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
+
+```bash
+    sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
+```
+
+This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
+
+## Logging installation issues
+
+See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+
+## Uninstallation
+
+See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
new file mode 100644
index 0000000000..7f138a6ca7
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -0,0 +1,157 @@
+---
+title: Microsoft Defender ATP for Mac Resources
+description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product.
+keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: v-maave
+author: martyav
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Resources
+
+**Applies to:**
+
+[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+>[!IMPORTANT]
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+## Collecting diagnostic information
+
+If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
+
+1. Increase logging level:
+
+```bash
+   mavel-mojave:~ testuser$ mdatp log-level --verbose
+   Creating connection to daemon
+   Connection established
+   Operation succeeded
+```
+
+2. Reproduce the problem
+
+3. Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file.
+
+   ```bash
+   mavel-mojave:~ testuser$ mdatp --diagnostic
+   Creating connection to daemon
+   Connection established
+   "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
+   ```
+
+4. Restore logging level:
+
+   ```bash
+   mavel-mojave:~ testuser$ mdatp log-level --info
+   Creating connection to daemon
+   Connection established
+   Operation succeeded
+   ```
+
+## Logging installation issues
+
+If an error occurs during installation, the installer will only report a general failure.
+
+The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+
+## Uninstalling
+
+There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+
+### Within the GUI
+
+- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
+
+### From the command line
+
+- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
+
+### With a script
+
+Create a script in **Settings > Computer Management > Scripts**.
+
+![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png)
+
+For example, this script removes Microsoft Defender ATP from the /Applications directory:
+
+```bash
+   echo "Is WDAV installed?"
+   ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
+
+   echo "Uninstalling WDAV..."
+   rm -rf '/Applications/Microsoft Defender ATP.app'
+
+   echo "Is WDAV still installed?"
+   ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
+
+   echo "Done!"
+```
+
+### With a JAMF policy
+
+If you are running JAMF, your policy should contain a single script:
+
+![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png)
+
+Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
+
+## Configuring from the command line
+
+Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
+
+|Group        |Scenario                                   |Command                                                                |
+|-------------|-------------------------------------------|-----------------------------------------------------------------------|
+|Configuration|Turn on/off real-time protection           |`mdatp config --rtp [true/false]`                                      |
+|Configuration|Turn on/off cloud protection               |`mdatp config --cloud [true/false]`                                    |
+|Configuration|Turn on/off product diagnostics            |`mdatp config --diagnostic [true/false]`                               |
+|Configuration|Turn on/off automatic sample submission    |`mdatp config --sample-submission [true/false]`                        |
+|Configuration|Turn on PUA protection                     |`mdatp threat --type-handling --potentially_unwanted_application block`|
+|Configuration|Turn off PUA protection                    |`mdatp threat --type-handling --potentially_unwanted_application off`  |
+|Configuration|Turn on audit mode for PUA protection      |`mdatp threat --type-handling --potentially_unwanted_application audit`|
+|Diagnostics  |Change the log level                       |`mdatp log-level --[error/warning/info/verbose]`                       |
+|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic`                                                   |
+|Health       |Check the product's health                 |`mdatp --health`                                                       |
+|Protection   |Scan a path                                |`mdatp scan --path [path]`                                             |
+|Protection   |Do a quick scan                            |`mdatp scan --quick`                                                   |
+|Protection   |Do a full scan                             |`mdatp scan --full`                                                    |
+|Protection   |Cancel an ongoing on-demand scan           |`mdatp scan --cancel`                                                  |
+|Protection   |Request a definition update                |`mdatp --signature-update`                                             |
+
+## Microsoft Defender ATP portal information
+
+In the Microsoft Defender ATP portal, you'll see two categories of information:
+
+- AV alerts, including:
+  - Severity
+  - Scan type
+  - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
+  - File information (name, path, size, and hash)
+  - Threat information (name, type, and state)
+- Device information, including:
+  - Machine identifier
+  - Tenant identifier
+  - App version
+  - Hostname
+  - OS type
+  - OS version
+  - Computer model
+  - Processor architecture
+  - Whether the device is a virtual machine
+
+## Known issues
+
+- Not fully optimized for performance or disk space yet.
+- Full Windows Defender ATP integration is not available yet.
+- Mac devices that switch networks may appear multiple times in the APT portal.
+- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index f643a3b454..d1d0dbd9cd 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -20,20 +20,48 @@ ms.topic: conceptual
 # Microsoft Defender ATP for Mac
 
 >[!IMPORTANT]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-This topic describes how to install and use Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. 
-Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. 
+This topic describes how to install and use Microsoft Defender ATP for Mac.
+
+## What’s new in the public preview
+
+We've been working hard through the private preview period, and we've heard your concerns. We've reduced the delay for when new Mac devices appear in the ATP console after they've been deployed. We've improved threat handling, and enhanced the user experience. We've also made numerous bug fixes. Other updates to Microsoft Defender ATP for Mac include:
+
+- Full accessibility
+- Improved performance
+- Localization for 37 languages
+- Improved anti-tampering protections
+- Feedback and samples can now be submitted via the GUI.
+- Product health can be queried with JAMF or the command line.
+- Admins can set their cloud preference for any location, not just for those in the US.
+
+## Installing and configuring
+
+There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+In general you'll need to take the following steps:
+
+- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
+- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
+  - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
+  - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
+  - [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
+
+### Prerequisites
 
-## Prerequisites
 You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine.
 
-You should also have access to Windows Defender Security Center.
+You should also have access to Microsoft Defender Security Center.
 
 ### System Requirements
-Microsoft Defender ATP for Mac system requirements:
+
 - macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
-- Disk space during preview: 1GB 
+- Disk space during preview: 1GB
+
+Beta versions of macOS are not supported.
+
+> [!CAUTION]
+> Running other third-party endpoint protection along with Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects.
 
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
@@ -45,462 +73,14 @@ The following table lists the services and their associated URLs that your netwo
 
 To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://wu-cdn.x.cp.wd.microsoft.com/` in a browser, or run the following command in Terminal:
 
-```
+```bash
     mavel-mojave:~ testuser$ curl 'https://x.cp.wd.microsoft.com/api/report'
     OK
 ```
 
-We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. 
+We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines.
 SIP is a built-in macOS security feature that prevents low-level tampering with the OS.
 
-## Installation and configuration overview
-There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. 
-In general you'll need to take the following steps:
-  - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
-  - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
-    * [Microsoft Intune based deployment](#microsoft-intune-based-deployment)
-    * [JAMF based deployment](#jamf-based-deployment)
-    * [Manual deployment](#manual-deployment)
+## Resources
 
-## Microsoft Intune based deployment
-
-### Download installation and onboarding packages
-Download the installation and onboarding packages from Windows Defender Security Center:
-1.  In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2.  In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
-3.  In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
-4.  In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
-5.  Download IntuneAppUtil from https://docs.microsoft.com/en-us/intune/lob-apps-macos.
-
-    ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
-
-6. From a command prompt, verify that you have the three files. 
-    Extract the contents of the .zip files:
-    
-    ```
-    mavel-macmini:Downloads test$ ls -l
-    total 721688
-    -rw-r--r--  1 test  staff     269280 Mar 15 11:25 IntuneAppUtil
-    -rw-r--r--  1 test  staff      11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
-    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
-    Archive:  WindowsDefenderATPOnboardingPackage.zip
-    warning:  WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
-      inflating: intune/kext.xml
-      inflating: intune/WindowsDefenderATPOnboarding.xml
-      inflating: jamf/WindowsDefenderATPOnboarding.plist
-    mavel-macmini:Downloads test$
-    ```
-7.  Make IntuneAppUtil an executable:
-
-    ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
-
-8. Create the wdav.pkg.intunemac package from wdav.pkg:
-
-    ```
-    mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
-    Microsoft Intune Application Utility for Mac OS X
-    Version: 1.0.0.0
-    Copyright 2018 Microsoft Corporation
-
-    Creating intunemac file for /Users/test/Downloads/wdav.pkg
-    Composing the intunemac file output
-    Output written to ./wdav.pkg.intunemac.
-
-    IntuneAppUtil successfully processed "wdav.pkg",
-    to deploy refer to the product documentation.
-    ```
-
-### Client Machine Setup
-You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
-
-1. You'll be asked to confirm device management.
-
-![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
-
-Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
-
-![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
-
-2. Select the **Continue** button and complete the enrollment.
-
-You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
-
-3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
-
-![Add Devices screenshot](images/MDATP_5_allDevices.png)
-
-### Create System Configuration profiles
-1.  In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
-2.  Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
-3.  Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
-4.  Select **OK**.
-
-    ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
-
-5.  Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
-7.  Repeat these steps with the second profile.  
-8.  Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. 
-9.  Select **Manage > Assignments**.  In the Include tab, select **Assign to All Users & All devices**.
-
-After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
-
-![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
-
-### Publish application
-
-1.  In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
-2.  Select **App type=Other/Line-of-business app**.
-3.  Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
-4.  Select **Configure** and add the required information.
-5.  Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
-
-    ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png)
-
-6. Select **OK** and **Add**.
- 
-    ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png)
-
-7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
-
-    ![Client apps screenshot](images/MDATP_10_ClientApps.png)
-
-8. Change **Assignment type=Required**.
-9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
-
-    ![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
-
-10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
-
-    ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
-
-### Verify client machine state
-1.  After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences  > Profiles**.
-
-    ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
-    ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
-
-2. Verify the three profiles listed there:
-    ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
-
-3.  The **Management Profile** should be the Intune system profile.
-4.  wdav-config and wdav-kext are system configuration profiles that we added in Intune.
-5.  You should also see the Microsoft Defender icon in the top-right corner:
-
-    ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
-
-## JAMF based deployment
-### Prerequsites
-You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. 
-
-
-### Download installation and onboarding packages
-Download the installation and onboarding packages from Windows Defender Security Center:
-1.  In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2.  In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
-3.  In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
-4.  In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
-
-    ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
-
-5. From a command prompt, verify that you have the two files. 
-    Extract the contents of the .zip files:
-    
-    ```
-    mavel-macmini:Downloads test$ ls -l
-    total 721160
-    -rw-r--r--  1 test  staff      11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
-    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
-    Archive:  WindowsDefenderATPOnboardingPackage.zip
-    warning:  WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
-    inflating: intune/kext.xml
-     inflating: intune/WindowsDefenderATPOnboarding.xml
-     inflating: jamf/WindowsDefenderATPOnboarding.plist
-    mavel-macmini:Downloads test$
-    ``` 
-
-### Create JAMF Policies
-You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
-
-#### Configuration Profile
-The configuration profile contains one custom settings payload that includes:
-
-- Microsoft Defender ATP for Mac onboarding information 
-- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
-
-
-1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
-
-    >[!NOTE]
-    > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
-
-    ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png)
-
-#### Approved Kernel Extension
-
-To approve the kernel extension:
-1.  In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
-2.  Use **UBF8T346G9** for Team Id.
-
-![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
-
-#### Configuration Profile's Scope 
-Configure the appropriate scope to specify the machines that will receive this configuration profile.
-
-Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. 
-
-![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png)
-
-Save the **Configuration Profile**.
-
-Use the **Logs** tab to monitor deployment status for each enrolled machine.
-
-#### Package
-1. Create a package in **Settings > Computer Management > Packages**.
-
-    ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png)
-
-2. Upload wdav.pkg to the Distribution Point. 
-3. In the **filename** field, enter the name of the package. For example, wdav.pkg.
-
-#### Policy
-Your policy should contain a single package for Microsoft Defender.
-
-![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png)
-
-Configure the appropriate scope to specify the computers that will receive this policy.
-
-After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
-
-### Client machine setup
-You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
-
-> [!NOTE]
->  After a computer is enrolled, it will show up in the Computers inventory (All Computers). 
-
-1.  Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
-
-![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png)
-![MDM screenshot](images/MDATP_22_MDMProfileApproved.png)
-
-After some time, the machine's User Approved MDM status will change to Yes. 
-
-![MDM status screenshot](images/MDATP_23_MDMStatus.png)
-
-You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
-
-### Deployment
-Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
-
-#### Status on server
-You can monitor the deployment status in the Logs tab:
- - **Pending** means that the deployment is scheduled but has not yet happened 
- - **Completed** means that the deployment succeeded and is no longer scheduled
-
-![Status on server screenshot](images/MDATP_24_StatusOnServer.png)
-
-
-#### Status on client machine
-After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
-
-![Status on client screenshot](images/MDATP_25_StatusOnClient.png)
-
-After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
-
-![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
-
-You can monitor policy installation on a machine by following the JAMF's log file:
-
-```
-mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
-Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
-Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
-Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
-Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender...
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender.
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches...
-Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
-```
-
-You can also check the onboarding status:
-```
-mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
-uuid            : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
-orgid           : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
-orgid managed   : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
-orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
-```
-
-- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set.
-
-- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed.
-
-### Uninstalling Microsoft Defender ATP for Mac
-#### Uninstalling with a script
-
-Create a script in **Settings > Computer Management > Scripts**.
-
-![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png)
-
-For example, this script removes Microsoft Defender ATP from the /Applications directory:
-
-```
-echo "Is WDAV installed?"
-ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
-
-echo "Uninstalling WDAV..."
-rm -rf '/Applications/Microsoft Defender ATP.app'
-
-echo "Is WDAV still installed?"
-ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
-
-echo "Done!"
-```
-
-#### Uninstalling with a policy
-Your policy should contain a single script:
-
-![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png)
-
-Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
-
-### Check onboarding status
-
-You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
-
-```
-sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
-```
-
-This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
-
-## Manual deployment
-
-### Download installation and onboarding packages
-Download the installation and onboarding packages from Windows Defender Security Center:
-1.  In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2.  In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
-3.  In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
-4.  In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
-
-    ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
-
-5. From a command prompt, verify that you have the two files. 
-    Extract the contents of the .zip files:
-    
-    ```
-   mavel-macmini:Downloads test$ ls -l
-    total 721152
-    -rw-r--r--  1 test  staff       6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
-    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
-    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
-    Archive:  WindowsDefenderATPOnboardingPackage.zip
-    inflating: WindowsDefenderATPOnboarding.py
-    ``` 
-
-### Application installation
-To complete this process, you must have admin privileges on the machine.
-
-1. Navigate to the downloaded wdav.pkg in Finder and open it.
-
-    ![App install screenshot](images/MDATP_28_AppInstall.png)
-
-2. Select **Continue**, agree with the License terms, and enter the password when prompted.
-
-    ![App install screenshot](images/MDATP_29_AppInstallLogin.png)
-
-   > [!IMPORTANT]
-   > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
-
-   ![App install screenshot](images/MDATP_30_SystemExtension.png)
-
-3. Select **Open Security Preferences**  or **Open System Preferences > Security & Privacy**. Select **Allow**:
-
-    ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png)
-
-
-The installation will proceed.
-
-> [!NOTE]
-> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time.
-
-### Client configuration
-1.  Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
-
-    The client machine is not associated with orgId.  Note that the orgid is blank.
-
-    ```
-    mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
-    uuid  : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
-    orgid :
-    ```
-2.  Install the configuration file on a client machine:
-
-    ```
-    mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
-    Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
-    ```
-
-3.  Verify that the machine is now associated with orgId:
-
-    ```
-    mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
-    uuid  : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
-    orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
-    ```
-After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
-
-   ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
-
-## Uninstallation
-### Removing Microsoft Defender ATP from Mac devices
-To remove Microsoft Defender ATP from your macOS devices:
-
-- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
-
-Or, from a command line:
-
-- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
-
-## Known issues
-- Microsoft Defender ATP is not yet optimized for performance or disk space.
-- Centrally managed uninstall using Intune is still in development. To uninstall (as a workaround) a manual uninstall action has to be completed on each client device).
-- Geo preference for telemetry traffic is not yet supported. Cloud traffic (definition updates) routed to US only.
-- Full Windows Defender ATP integration is not yet available
-- Not localized yet
-- There might be accessibility issues 
-
-## Collecting diagnostic information
-If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
-
-1) Increase logging level:
-```
-    mavel-mojave:~ testuser$ mdatp log-level --verbose
-    Creating connection to daemon
-    Connection established
-    Operation succeeded
-```
-
-2) Reproduce the problem
-
-3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file.
-
-    ```
-    mavel-mojave:~ testuser$ mdatp --diagnostic
-    Creating connection to daemon
-    Connection established
-    "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
-    ```    
-   
-4) Restore logging level:
-```
-    mavel-mojave:~ testuser$ mdatp log-level --info
-    Creating connection to daemon
-    Connection established
-    Operation succeeded
-```
-
-   
-### Installation issues
-If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
+For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources.md) page.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md
index 8c12b9ff9d..f9457d3f21 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/oldTOC.md
@@ -1,7 +1,7 @@
 
 #	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
 
-## [Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md)
+## [Windows Defender AV in the Microsoft Defender Security Center app](windows-defender-security-center-antivirus.md)
 
 ## [Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
new file mode 100644
index 0000000000..16fceaea85
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -0,0 +1,52 @@
+---
+title: Prevent security settings changes with Tamper Protection
+description: Use tamper protection to prevent malicious apps from changing important security settings.
+keywords: malware, defender, antivirus, tamper protection
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: andreabichsel
+ms.author: v-anbic
+---
+
+# Prevent security settings changes with tamper protection
+
+**Applies to:**
+
+- Windows 10
+
+Tamper protection helps prevent malicious apps from changing important security settings. These settings include:
+
+- Real-time protection
+- Cloud-delivered protection
+- IOfficeAntivirus (IOAV)
+- Behavior monitoring
+- Removing security intelligence updates
+
+With tamper protection set to **On**, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings:
+
+- Mobile device management (MDM) apps like Intune
+- Enterprise configuration management apps like System Center Configuration Manager (SCCM)
+- Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures
+- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware and DisableAntiMalware (used in Windows unattended setup)
+- Group Policy
+- Other Windows Management Instrumentation (WMI) apps
+
+The tamper protection setting doesn't affect how third party antivirus apps register with the Windows Security app.
+
+On computers running Windows 10 Enterprise E5, users can't change the tamper protection setting.
+
+Tamper protection is On by default. If you set tamper protection to **Off**, you will see a yellow warning in the Windows Security app under **Virus & threat protection**.
+
+## Configure tamper protection
+
+1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+2. Select **Virus & threat protection**, then select **Virus & threat protection settings**.
+3. Set **Tamper Protection** to **On** or **Off**.
+
+>[!NOTE]
+>If your computer is running Windows 10 Enterprise E5, you can't change the tamper protection settings from within Windows Security App.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
index a156c5b1dd..2de691deb9 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can use Group Policy to prevent users on endpoints from seeing the Windows Defender Antivirus interface. You can also prevent them from pausing scans.
 
@@ -35,7 +35,7 @@ With the setting set to **Disabled** or not configured:
 ![Scheenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png)
 
 >[!NOTE]
->Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Windows Defender Advanced Threat Protection notifications will still appear. You can also individually [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
+>Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
 
 
 In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning "Your system administrator has restricted access to this app.":
diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
index 6e22b89713..ed1703b544 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
index 1718727ee2..4de3b92e99 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 11/16/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 11/16/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 If Windows Defender Antivirus is configured to detect and remediate threats on your device, Windows Defender Antivirus quarantines suspicious files. If you are certain these files do not present a threat, you can restore them.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
index ae3a67efe6..8be9dc4db1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-windows-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-windows-defender-antivirus.md), the results are recorded and you can view the results. 
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
index 15a9be7d17..d3cdab176e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
index 9a451f585c..42310786b4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 12/10/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 12/10/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 > [!NOTE]
 > By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default. 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
index 089226de14..0f59883e27 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
index 85b5650e9c..935339fb99 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
index 0bdced17c6..1fcbeccd26 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/11/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/11/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 If you encounter a problem with Windows Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution.
 
@@ -29,7 +29,7 @@ The tables list:
 - [Internal Windows Defender Antivirus client error codes (used by Microsoft during development and testing)](#internal-error-codes)
 
 >[!TIP]
->You can also visit the Windows Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
+>You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
 
 >- Cloud-delivered protection
 >- Fast learning (including Block at first sight)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
index dcb8f76069..1d000caef1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Windows Defender Antivirus on your endpoints.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
index 566898708b..b8eff33e4a 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 If you are using System Center Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Windows Defender Antivirus scans.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
index 8e45003982..9fc1d12db3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration, and you can read more about it at the [PowerShell hub on MSDN](https://msdn.microsoft.com/powershell/mt173057.aspx).
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
index c4f3239b0c..ef249aaa42 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
index 59ec895413..6dbff069e4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.  
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 449d118890..4b8cc048a4 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,17 +18,17 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
 
 However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender Antivirus will automatically disable itself. You can then choose to enable an optional, limited protection feature, called [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md).
 
-If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
+If you are also using Microsoft Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
 
-The following matrix illustrates the states that Windows Defender AV will enter when third-party antivirus products or Windows Defender ATP are also used. 
+The following matrix illustrates the states that Windows Defender AV will enter when third-party antivirus products or Microsoft Defender ATP are also used. 
 
-Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state
+Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Windows Defender AV state
 -|-|-|-
 Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode
 Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode
@@ -59,11 +59,11 @@ This table indicates the functionality and features that are available in each s
 
 State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Security intelligence updates](manage-updates-baselines-windows-defender-antivirus.md)
 :-|:-|:-:|:-:|:-:|:-:|:-:
-Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service.  | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
+Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Microsoft Defender ATP service.  | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
 Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] 
 Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
 
-If you are enrolled in Windows Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
+If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
 
 Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app.
     
@@ -72,7 +72,7 @@ In passive and automatic disabled mode, you can still [manage updates for Window
  If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
 
 >[!WARNING]
->You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Security app.
+>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Microsoft Defender ATP, or the Windows Security app.
 >  
 >This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks.
 >
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index de41958e5e..1e9f3e028e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index f38d0b3823..b272703ba3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same.
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
index e860e58f69..f8279e4b09 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
index 4b78bafccb..b8b4f4cb60 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
+author: justinha
 ms.author: v-anbic
 ms.date: 09/03/2018
 ---
@@ -18,7 +18,7 @@ ms.date: 09/03/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security.
 
@@ -36,7 +36,7 @@ Settings that were previously part of the Windows Defender client and main Windo
 See the [Windows Security topic](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center) for more information on other Windows security features that can be monitored in the app.
 
 >[!NOTE]
->The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal that is used to review and manage [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md).
+>The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal that is used to review and manage [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md).
 
 **Review virus and threat protection settings in the Windows Security app:**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
index b1018f5e79..af40ccb8a4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -16,12 +16,12 @@ ms.date: 12/06/2018
 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. 
 While Event Viewer helps to see the impact on a single system, IT Pros want to gauge the impact across many systems. 
 
-In November 2018, we added functionality in Windows Defender Advanced Threat Protection (Windows Defender ATP) that makes it easy to view WDAC events centrally from all systems that are connected to Windows Defender ATP. 
+In November 2018, we added functionality in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that makes it easy to view WDAC events centrally from all systems that are connected to Microsoft Defender ATP. 
 
-Advanced hunting in Windows Defender ATP allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”. 
+Advanced hunting in Microsoft Defender ATP allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”. 
 This capability is supported beginning with Windows version 1607.
 
-Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Windows Defender ATP:
+Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender ATP:
 
 ```
 MiscEvents
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 80dbb5a03b..062d1ab9f3 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -13,7 +13,7 @@ ms.date: 10/17/2017
 
 # Configure Windows Defender Application Guard policy settings
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index 5f25464aaa..610a396882 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -14,7 +14,7 @@ ms.date: 03/28/2019
 
 # Frequently asked questions - Windows Defender Application Guard 
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
 
@@ -76,3 +76,9 @@ Answering frequently asked questions about Windows Defender Application Guard (A
 |**Q:** |What is the WDAGUtilityAccount local account?|
 |**A:** |This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.|
 <br>
+
+| | |
+|---|----------------------------|
+|**Q:** |How do I trust a subdomain in my site list?|
+|**A:** |To trust a subdomain, you must precede your domain with two dots, for example: ..contoso.com.|
+<br>
diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
index 7bbb3edc4c..b340cb1da4 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md
@@ -14,7 +14,7 @@ ms.date: 02/19/2019
 # Prepare to install Windows Defender Application Guard
 
 **Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 ## Review system requirements
 
diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index 1cb8fce44c..9990a39719 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@@ -13,7 +13,7 @@ ms.date: 11/09/2017
 
 # System requirements for Windows Defender Application Guard
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
@@ -36,6 +36,6 @@ Your environment needs the following software to run Windows Defender Applicatio
 
 |Software|Description|
 |--------|-----------|
-|Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher|
+|Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher<br>Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. |
 |Browser|Microsoft Edge and Internet Explorer|
 |Management system<br> (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)<br><br>**-OR-**<br><br>[System Center Configuration Manager](https://docs.microsoft.com/sccm/)<br><br>**-OR-**<br><br>[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)<br><br>**-OR-**<br><br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
index 092d966221..e372ec40e6 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
@@ -14,7 +14,7 @@ ms.date: 03/15/2019
 # Application Guard testing scenarios
 
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
index 41cf3d2bd0..e8dd4b2672 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@@ -13,7 +13,7 @@ ms.date: 03/28/2019
 
 # Windows Defender Application Guard overview
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
  
 Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. 
 
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md
deleted file mode 100644
index cbe44720d3..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Alerts queue in Windows Defender Security Center
-description: View and manage the alerts surfaced in Windows Defender Security Center
-keywords: 
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
-ms.date: 09/03/2018
----
-
-# Alerts queue in Windows Defender Security Center
-Learn how you can view and manage the queue so that you can effectively investigate threats seen on entities such as machines, files, or user accounts.
-
-
-## In this section
-Topic | Description 
-:---|:---
-[View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | Shows a list of alerts that were flagged in your network.
-[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | Learn about how you can manage alerts such as change its status, assign it to a security operations member, and see the history of an alert.
-[Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts that are affecting your network, understand what they mean, and how to resolve them.
-[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)| Investigate the details of a file associated with a specific alert, behaviour, or event. 
-[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)| Investigate the details of a machine associated with a specific alert, behaviour, or event. 
-[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between machines in your network and external internet protocol (IP) addresses.
-[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your network have been communicating with a known malicious domain. 
-[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) | Identify user accounts with the most active alerts and investigate cases of potential compromised credentials.  
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index dc4a53e6ea..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Onboard Windows 10 machines on Windows Defender ATP
-description: Onboard Windows 10 machines so that they can send sensor data to the Windows Defender ATP sensor
-keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
-ms.date: 07/12/2018
----
-
-# Onboard Windows 10 machines
-
-**Applies to:**
-
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
-Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
-
-The following deployment tools and methods are supported:
-
-- Group Policy
-- System Center Configuration Manager
-- Mobile Device Management (including Microsoft Intune)
-- Local script
-
-## In this section
-Topic | Description
-:---|:---
-[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) | Use Group Policy to deploy the configuration package on machines.
-[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
-[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
-[Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints.
-[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines.
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 239c4d95db..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Pull alerts to your SIEM tools from Windows Defender Advanced Threat Protection
-description: Learn how to use REST API and configure supported security information and events management tools to receive and pull alerts.
-keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
-ms.date: 10/16/2017
----
-
-# Pull alerts to your SIEM tools
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
-
-## Pull alerts using security information and events management (SIEM) tools
-Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
-
-
-Windows Defender ATP currently supports the following SIEM tools:
-
-- Splunk
-- HP ArcSight
-
-To use either of these supported SIEM tools you'll need to:
-
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- Configure the supported SIEM tool:
-    - [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-    - [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-
-For more information on the list of fields exposed in the alerts API see, [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md).
-
-
-## Pull Windows Defender ATP alerts using REST API
-Windows Defender ATP supports the OAuth 2.0 protocol to pull alerts using REST API.
-
-For more information, see [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md).
-
-
-## In this section
-
-Topic | Description
-:---|:---
-[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
-[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
-[Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
-[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
-[Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
-[Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature.
diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 8a393d5b81..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Update data retention settings for Windows Defender Advanced Threat Protection
-description: Update data retention settings by selecting between 30 days to 180 days.
-keywords: data, storage, settings, retention, update
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
-ms.date: 04/24/2018
----
-# Update data retention settings for Windows Defender ATP 
-
-**Applies to:**
-
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
-
-During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update the data retention settings.
-
-1. In the navigation pane, select **Settings** > **Data rention**.
-
-2. Select the data retention duration from the drop-down list.
-
-    > [!NOTE]
-    > Other settings are not editable.
-
-3. Click **Save preferences**.
-
-
-## Related topics
-- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
-- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
-- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 5050e3dcb1..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Windows Defender Antivirus compatibility with Windows Defender ATP
-description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.  
-keywords: windows defender compatibility, defender, windows defender atp
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
-ms.date: 04/24/2018
----
-
-# Windows Defender Antivirus compatibility with Windows Defender ATP
-
-**Applies to:**
-
-
-- Windows Defender
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
-
-The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
-
->[!IMPORTANT]
->Windows Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. 
-
-You must configure Security intelligence updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
-
-If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
-
-Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
-
-The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
-
-For more information, see the [Windows Defender Antivirus and Windows Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/get-started.md b/windows/security/threat-protection/windows-defender-atp/get-started.md
deleted file mode 100644
index f3b11e8133..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/get-started.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: Get started with Windows Defender Advanced Threat Protection
-description: Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
-keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
-ms.date: 11/20/2018
----
-
-# Get started with Windows Defender Advanced Threat Protection
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
-
-Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
-
-The following capabilities are available across multiple products that make up the Windows Defender ATP platform. 
-
-**Threat & Vulnerability Management**<br>
-Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience. 
-
-**Attack surface reduction**<br>
-The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
-
-**Next generation protection**<br>
-To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
-
-**Endpoint detection and response**<br>
-Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
-
-**Auto investigation and remediation**<br>
-In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
-
-**Secure score**<br>
-Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
-
-**Microsoft Threat Experts**<br>
-Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
-
-**Advanced hunting**<br>
-Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. 
-
-**Management and APIs**<br>
-Integrate Windows Defender Advanced Threat Protection into your existing workflows.
-
-**Microsoft threat protection**<br>
-Bring the power of Microsoft Threat Protection to your organization.
-
-## In this section 
-Topic | Description 
-:---|:---
-[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform. 
-[Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
-[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
-[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
-[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
-[Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out.
-[Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
deleted file mode 100644
index 1a769c409b..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Incidents queue in Windows Defender ATP
-description:
-keywords: incidents, aggregate, investigations, queue, ttp
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Incidents in Windows Defender ATP
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations. 
-
-Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
- 
-
-## In this section
-
-Topic | Description 
-:---|:---
-[View and organize the Incidents queue](view-incidents-queue.md)|  See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
-[Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions.
-[Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)|  See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident.
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md
deleted file mode 100644
index 40687ef4f7..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Machine resource type
-description: Retrieves top machines
-keywords: apis, supported apis, get, machines
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# Machine resource type
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-# Methods
-Method|Return Type |Description
-:---|:---|:---
-[List machines](get-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List set of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the org.
-[Get machine](get-machine-by-id-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Get a [machine](machine-windows-defender-advanced-threat-protection-new.md) by its identity.
-[Get logged on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) | [user](user-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [User](user-windows-defender-advanced-threat-protection-new.md) that logged on to the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-[Get related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that were raised on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-[Add or Remove machine tags](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Add or Remove tag to a specific machine.
-[Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Find machines seen with IP.
-
-# Properties
-Property |	Type	|	Description
-:---|:---|:---
-id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity.
-computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
-osPlatform | String | OS platform.
-osVersion | String | OS Version.
-lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
-agentVersion | String | Version of Windows Defender ATP agent.
-osBuild | Nullable long | OS build number.
-healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
-rbacGroupId | Int | RBAC Group ID.
-rbacGroupName | String | RBAC Group Name.
-riskScore | Nullable Enum | Risk score as evaluated by Windows Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
-aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
-machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
deleted file mode 100644
index aa6b9b537e..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: machineAction resource type
-description: Retrieves top recent machineActions.
-keywords: apis, supported apis, get, machineaction, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# MachineAction resource type
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Method|Return Type |Description
-:---|:---|:---
-[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
-[Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get a single [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
-[Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Collect investigation package from a [machine](machine-windows-defender-advanced-threat-protection-new.md).
-[Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get URI for downloading the investigation package.
-[Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Isolate [machine](machine-windows-defender-advanced-threat-protection-new.md) from network.
-[Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Release [machine](machine-windows-defender-advanced-threat-protection-new.md) from Isolation.
-[Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
-[Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
-[Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
-[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Windows Defender ATP.
-
-# Properties
-Property |	Type	|	Description
-:---|:---|:---
-id | Guid | Identity of the [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
-type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
-requestor | String | Identity of the person that executed the action.
-requestorComment | String | Comment that was written when issuing the action.
-status | Enum | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".
-machineId | String | Id of the machine on which the action was executed.
-creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.
-lastUpdateTimeUtc | DateTimeOffset | The last date and time when the action status was updated.
-relatedFileInfo | Class | Contains two Properties. 1) string 'fileIdentifier' 2) Enum 'fileIdentifierType' with the possible values: "Sha1" ,"Sha256" and "Md5".
-
diff --git a/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md b/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
deleted file mode 100644
index 3f4a20dcbc..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-ms.date: 08/28/2017
-author: zavidor
----
->[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via Windows Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index afd1ba57b5..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Minimum requirements for Windows Defender ATP
-description: Understand the licensing requirements and requirements for onboarding machines to the sercvie
-keywords: minimum requirements, licensing, comparison table
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Minimum requirements for Windows Defender ATP
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-There are some minimum requirements for onboarding machines to the service.
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
-
-
->[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
-
-## Licensing requirements
-Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
-
-- Windows 10 Enterprise E5
-- Windows 10 Education E5
-- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
-
-For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare).
-
-For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559).
-
-For more information about licensing requirements for Windows Defender ATP platform on Windows Server, see [Protecting Windows Servers with Windows Defender ATP](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114).
-
-
-## Related topic
-- [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
-- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index dc2b133c7a..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Offboard machines from the Windows Defender ATP service
-description: Onboard Windows 10 machines, servers, non-Windows machines from the Windows Defender ATP service
-keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Offboard machines from the Windows Defender ATP service
-
-**Applies to:**
-- macOS
-- Linux
-- Windows Server 2012 R2
-- Windows Server 2016
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
-
-Follow the corresponding instructions depending on your preferred deployment method.
-
-## Offboard Windows 10 machines
-  - [Offboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md#offboard-machines-using-a-local-script)
-  - [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy)
-  - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager)
-  - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
-
-## Offboard Servers
-  - [Offboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md#offboard-servers)
-
-## Offboard non-Windows machines
-  - [Offboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md#offboard-non-windows-machines)
-
diff --git a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
deleted file mode 100644
index 4599298025..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: Overview of endpoint detection and response capabilities
-description: Learn about the endpoint detection and response capabilities in Windows Defender ATP
-keywords: 
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Overview of endpoint detection and response
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Windows Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
-
-When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
-
-Inspired by the "assume breach" mindset, Windows Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
-
-The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
-
-## In this section
-
-Topic | Description
-:---|:---
-[Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | Explore a high level overview of detections, highlighting where response actions are needed.
-[Incidents queue](incidents-queue.md) | View and organize the incidents queue, and manage and investigate alerts.
-[Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | View and organize the machine alerts queue, and manage and investigate alerts.
-[Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) | Investigate machines with generated alerts and search for specific events over time.
-[Take response actions](response-actions-windows-defender-advanced-threat-protection.md) | Learn about the available response actions and apply them to machines and files.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/overview.md b/windows/security/threat-protection/windows-defender-atp/overview.md
deleted file mode 100644
index d2421506b2..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/overview.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Overview of Windows Defender ATP 
-description: Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform
-keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Overview of Windows Defender ATP capabilities
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform. 
-
->[!TIP]
->- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
->- Windows Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
-
-## In this section 
-
-Topic | Description 
-:---|:---
-[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) | Reduce organizational vulnerability exposure and increase threat resilience while seamlessly connecting workflows across security stakeholders—security administrators, security operations, and IT administrators in remediating threats.
-[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization. 
-[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
-[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
-[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
-[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
-[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
-[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) |  Use a powerful search and query language to create custom queries and detection rules.
-[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
-[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
-[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) |Learn to navigate your way around Windows Defender Security Center. 
-
-
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 469a59e63e..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Turn on the preview experience in Windows Defender ATP
-description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features.
-keywords: advanced features, settings, block file
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-# Turn on the preview experience in Windows Defender ATP
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
-
-Turn on the preview experience setting to be among the first to try upcoming features.
-
-1. In the navigation pane, select **Settings** > **Advanced features**.
-
-    ![Image of settings and preview experience](images/atp-preview-features.png)
-
-
-2. Toggle the setting between **On** and **Off** and select **Save preferences**.
-
-## Related topics
-- [Update general settings in Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 934fbed168..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Windows Defender ATP preview features
-description: Learn how to access Windows Defender Advanced Threat Protection preview features.
-keywords: preview, preview experience, Windows Defender Advanced Threat Protection, features, updates
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Windows Defender ATP preview features
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
-The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) 
-
-
-Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. 
-
-For more information on capabilities that are generally available or in preview, see [What's new in Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp).
-)
-
-## Turn on preview features
-You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
-
-Turn on the preview experience setting to be among the first to try upcoming features.
-
-1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**.
-
-2. Toggle the setting between **On** and **Off** and select **Save preferences**.
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)  
-
diff --git a/windows/security/threat-protection/windows-defender-atp/use-apis.md b/windows/security/threat-protection/windows-defender-atp/use-apis.md
deleted file mode 100644
index 18e77632f4..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/use-apis.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-title: Windows Defender ATP APIs 
-description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
-keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Windows Defender ATP APIs
-
-**Applies to:** 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
-
-## In this section
-Topic | Description
-:---|:---
-[Windows Defender ATP API overview](apis-intro.md) | Learn how to access to Windows Defender ATP Public API and on which context. 
-[Supported Windows Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
-How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index be38700ccf..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Use the custom threat intelligence API to create custom alerts
-description: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts
-keywords: threat intelligence, alert definitions, indicators of compromise
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# Use the threat intelligence API to create custom alerts
-
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) 
-
-Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
-
-You can use the code examples to guide you in creating calls to the custom threat intelligence API.
-
-## In this section
-
-Topic | Description
-:---|:---
-[Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) |  Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization.
-[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through Windows Defender Security Center so that you can create custom threat intelligence (TI) using REST API.
-[Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization.
-[PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API.
-[Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API.
-[Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) | This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
-[Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) | Learn how to address possible issues you might encounter while using the threat intelligence API.
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 268f112212..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Overview of Windows Defender Security Center
-description: Learn about the features on Windows Defender Security Center, including how alerts work, and suggestions on how to investigate possible breaches and attacks.
-keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Overview of Windows Defender Security Center
-
-**Applies to:**
-
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) 
-
-Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. 
-
-Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
-
-Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
-
-Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown. 
-
-
-### In this section
-
-Topic | Description
-:---|:---
-[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions.
-[View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP  **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
-[View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
-[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of mitigations.
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md
deleted file mode 100644
index 6bc2c21435..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: File resource type
-description: Retrieves top recent alerts.
-keywords: apis, graph api, supported apis, get, alerts, recent
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# User resource type
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Method|Return Type |Description
-:---|:---|:---
-[List User related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection |  List all the alerts that are associated with a [user](user-windows-defender-advanced-threat-protection-new.md).
-[List User related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List all the machines that were logged on by a [user](user-windows-defender-advanced-threat-protection-new.md).
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
deleted file mode 100644
index 450fdcb9a5..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-title: What's new in Windows Defender ATP
-description: Lists the new features and functionality in Windows Defender ATP
-keywords: what's new in windows defender atp
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: secure
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# What's new in Windows Defender ATP
-**Applies to:**
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-Here are the new features in the latest release of Windows Defender ATP as well as security features in Windows 10 and Windows Server.
-
-## April 2019
-The following capability is generally available (GA).
-
-- [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts#targeted-attack-notification) <BR>Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
-
-- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/use-apis) <BR> Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. 
-
-
-### In preview
-The following capabilities  are included in the April 2019 preview release. 
-
-- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. 
-
-- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/partner-applications) <BR> Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
-
-## March 2019
-### In preview
-The following capability are included in the March 2019 preview release. 
-
-- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-rotection)  The machine health and compliance report provides high-level information about the devices in your organization. 
-
-
-## February 2019
-The following capabilities are generally available (GA).
-- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Windows Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats. 
-
-- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor.
-
-### In preview
-The following capability are included in the February 2019 preview release. 
-
-- [Reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)<BR>The threat protection report provides high-level information about alerts generated in your organization. 
-
-- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.  
-
-
-## October 2018
-The following capabilities are generally available (GA).
-
-- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)<BR>All Attack surface reduction rules are now supported on Windows Server 2019.
-
-- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<BR> Controlled folder access is now supported on Windows Server 2019.
-
-- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)<BR>With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. 
-
-- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)<BR> Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
-
-- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)<BR> Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
-
-- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)<BR>Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
-
-- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)<BR> iOS and Android devices are now supported and can be onboarded to the service.
-
-- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)<BR>
-Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
-
-- New in Windows 10 version 1809, there are two new attack surface reduction rules: 
-  -	Block Adobe Reader from creating child processes
-  -	Block Office communication application from creating child processes.
-  
-- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
-    - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
-    - Windows Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security.
-    - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans.
-
-
-### In preview
-The following capabilities are included in the October 2018 preview release. 
-
-For more information on how to turn on preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
-
-- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)<BR>
-Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace.
-Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.
-    
-    >[!NOTE]
-    >Partially available from Windows 10, version 1809.
-
-- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) <BR> Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
-
-    >[!NOTE]
-    >Available from Windows 10, version 1809 or later.
-
-- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) <BR> Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. 
-
-- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) <br>
-Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
-
-  
-## March 2018
-- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <BR>
-Query data using Advanced hunting in Windows Defender ATP.
-
-- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)<BR>
-    New attack surface reduction rules: 
-  -	Use advanced protection against ransomware
-  -	Block credential stealing from the Windows local security authority subsystem (lsass.exe)
-  - Block process creations originating from PSExec and WMI commands
-  - Block untrusted and unsigned processes that run from USB
-  - Block executable content from email client and webmail
-
-- [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<BR> Use Automated investigations to investigate and remediate threats.
-
-    >[!NOTE]
-    >Available from Windows 10, version 1803 or later.
-
-- [Conditional access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br> Enable conditional access to better protect users, devices, and data.
-
-- [Windows Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)<BR> 
-    The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
-
-- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<BR>
-You can now block untrusted processes from writing to disk sectors using Controlled Folder Access.
-
-- [Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection)<BR>
-    Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network.
-
-- [Role-based access control (RBAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)<BR>
-    Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal.
-
-
-- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)<BR>
-Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus).
-
-    Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus).
-
-
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
deleted file mode 100644
index 3c620a48d0..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Windows Defender Security Center
-description: Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection.
-keywords: windows, defender, security, center, defender, advanced, threat, protection
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual
----
-
-# Windows Defender Security Center
-
-Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks.
-
-## In this section
-
-Topic | Description
-:---|:---
-Get started  |  Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
-[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
-[Understand the portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
-Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
-API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from Windows Defender Security Center.
-Reporting | Create and build Power BI reports using Windows Defender ATP data.
-Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
-[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
-[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
-[Troubleshoot service issues](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
-
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 5bfe2c6ba4..3a27c990a9 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -11,18 +11,21 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/02/2019
+ms.date: 05/07/2019
 ---
 
 # Reduce attack surfaces with attack surface reduction rules 
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. 
 
-To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment.
+To use attack surface reduction rules, you need a Windows 10 Enterprise license. If you have a Windows E5 license, it gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 Security Center. These advanced capabilities aren't available with an E3 license or with Windows 10 Enterprise without subscription, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment.
 
 Attack surface reduction rules target behaviors that malware and malicious apps typically use to infect computers, including:
 
@@ -32,7 +35,7 @@ Attack surface reduction rules target behaviors that malware and malicious apps
 
 You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks similar to malware. By monitoring audit data and [adding exclusions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity.
 
-Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Windows Defender Security Center and in the Microsoft 365 securty center. 
+Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Microsoft Defender Security Center and in the Microsoft 365 securty center. 
 
 For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
 
@@ -79,6 +82,7 @@ Block process creations originating from PSExec and WMI commands | d1e49aac-8f56
 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | Supported
 Block Office communication application from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869 | Supported
 Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c | Supported
+Block persistence through WMI event subscription | e6db77e5-3df2-4cf1-b95a-636979351e5b | Not supported
 
 Each rule description indicates which apps or file types the rule applies to. In general, the rules for Office apps apply to only Word, Excel, PowerPoint, and OneNote, or they apply to Outlook. Except where specified, attack surface reduction rules don't apply to any other Office apps.
 
@@ -264,6 +268,15 @@ SCCM name: Not applicable
 
 GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
 
+### Block persistence through WMI event subscription
+
+Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository. 
+
+Intune name: Block persistence through WMI event subscription
+
+SCCM name: Not yet available
+
+GUID: e6db77e5-3df2-4cf1-b95a-636979351e5b
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
index 4cc8fbd9f5..60bdf42183 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 10/15/2018
 ---
 
@@ -20,7 +20,7 @@ ms.date: 10/15/2018
 
 - Windows 10 Enterprise E3
 
-Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license. 
+Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license. 
 
 A limited subset of basic attack surface reduction rules can technically be used with Windows 10 Enterprise E3. They can be used without the benefits of reporting, monitoring, and analytics, which provide the ease of deployment and management capabilities necessary for enterprises. 
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
index 1c4e998102..95be5ed8d8 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
@@ -1,6 +1,6 @@
 ---
-title: Test how Windows Defender ATP features work
-description: Audit mode lets you use the event log to see how Windows Defender ATP would protect your devices if it were enabled
+title: Test how Microsoft Defender ATP features work
+description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it were enabled
 keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/02/2019
 ---
 
@@ -19,7 +19,7 @@ ms.date: 04/02/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
 
@@ -29,7 +29,7 @@ While the features will not block or prevent apps, scripts, or files from being
 
 To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
 
-You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. 
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
index 77098d4c10..fc8c602805 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 11/29/2018
 ---
 
@@ -18,10 +18,10 @@ ms.date: 11/29/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
-Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.
 
@@ -39,11 +39,11 @@ Controlled folder access is supported on Windows 10, version 1709 and later and
 
 Controlled folder access requires enabling [Windows Defender Antivirus real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md).
 
-## Review controlled folder access events in the Windows Defender ATP Security Center
+## Review controlled folder access events in the Microsoft Defender ATP Security Center
 
-Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). 
+Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). 
 
-You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
+You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
 
 ## Review controlled folder access events in Windows Event Viewer
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
index 204fad8ca0..4171f5879d 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -11,14 +11,17 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/26/2019
+ms.date: 05/13/2019
 ---
 
 # Customize attack surface reduction rules
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
 
@@ -28,20 +31,18 @@ You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
 
 ## Exclude files and folders
 
-You can exclude files and folders from being evaluated by all attack surface reduction rules. This means that even if the file or folder contains malicious behavior as determined by an attack surface reduction rule, the file will not be blocked from running. 
-
-This could potentially allow unsafe files to run and infect your devices.
+You can exclude files and folders from being evaluated by attack surface reduction rules. This means that even if an attack surface reduction rule detects that the file contains malicious behavior, the file will not be blocked from running. 
 
 >[!WARNING]
->Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded.
-> 
->If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md).
+>This could potentially allow unsafe files to run and infect your devices. Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded.
 
-You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions.
+An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource, but you cannot limit an exclusion to certain rules.
+
+An exclusion is applied only when when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
 
 Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). 
+If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md).
 
-Exclusions apply to all attack surface reduction rules.
 
 Rule description | GUID 
 -|:-:|-
@@ -59,6 +60,7 @@ Block process creations originating from PSExec and WMI commands | d1e49aac-8f56
 Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
 Block Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
 Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
+Block persistence through WMI event subscription | e6db77e5-3df2-4cf1-b95a-636979351e5b 
 
 See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
@@ -72,9 +74,9 @@ See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) to
 
 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. 
 
-### Use PowerShell to exclude files and folderss
+### Use PowerShell to exclude files and folders
 
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
 
     ```PowerShell
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
index 05037553e3..0367233536 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
@@ -11,27 +11,28 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
+ms.date: 05/13/2019
 ---
 
 # Customize controlled folder access
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
 
 This topic describes how to customize the following settings of the controlled folder access feature with the Windows Security app, Group Policy, PowerShell, and mobile device management (MDM) configuration service providers (CSPs):
 
 - [Add additional folders to be protected](#protect-additional-folders)
-- [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders)
+- [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders)
 
 >[!WARNING]
 >Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files.
 >
 >This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender-exploit-guard.md) to fully assess the feature's impact.
 
- ## Protect additional folders
+## Protect additional folders
 
 Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop.
 
@@ -41,7 +42,6 @@ Adding other folders to controlled folder access can be useful, for example, if
 
 You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). 
 
-
 You can use the Windows Security app or Group Policy to add and remove additional protected folders.
 
 ### Use the Windows Security app to protect additional folders
@@ -89,13 +89,14 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m
 You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the controlled folder access feature. 
 
 >[!IMPORTANT]
->By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets.
+>By default, Windows adds apps that it considers friendly to the allowed list—apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets.
 >You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.
 
-You can use the Windows Security app or Group Policy to add and remove apps that should be allowed to access protected folders.
-
 When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access.
 
+An allowed application or service only has write access to a controlled folder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
+
+
 ### Use the Windows Defender Security app to allow specific apps
 
 1. Open the Windows Security by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@@ -106,7 +107,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
 
 4. Click **Add an allowed app** and follow the prompts to add apps.
 
-    ![Screenshot of the add an allowed app button](images/cfa-allow-app.png)
+    ![Screenshot of how to add an allowed app button](images/cfa-allow-app.png)
 
 ### Use Group Policy to allow specific apps
 
@@ -120,7 +121,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
 
 ### Use PowerShell to allow specific apps
 
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
 
     ```PowerShell
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index bde9222c86..a8917ef7f9 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 03/26/2019
 ---
 
@@ -18,7 +18,7 @@ ms.date: 03/26/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
  
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
index 843e0e7f4c..013ea04010 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 08/08/2018
 ---
 
@@ -18,22 +18,22 @@ ms.date: 08/08/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 >[!IMPORTANT]
->If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. 
+>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP. 
 >  
 >You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
 
-This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Windows Defender ATP. 
+This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Microsoft Defender ATP. 
  
-Exploit protection in Windows Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
+Exploit protection in Microsoft Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
 
 EMET is a standalone product for earlier versions of Windows and provides some mitigation against older, known exploit techniques.
 
 After July 31, 2018, it will not be supported.
 
-For more information about the individual features and mitigations available in Windows Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics:
+For more information about the individual features and mitigations available in Microsoft Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics:
 
 - [Protect devices from exploits](exploit-protection-exploit-guard.md)
 - [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
@@ -59,7 +59,7 @@ Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes
 Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires use of EMET tool (EMET_CONF)
 System Center Configuration Manager |  [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
 Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
-Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
+Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
 Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
 
 <span id="fn1"></span>([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx).
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index 1a68651c4f..6bde089355 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/29/2019
+ms.date: 05/13/2019
 ---
 
 # Enable attack surface reduction rules
@@ -24,9 +24,9 @@ Each ASR rule contains three settings:
 * Block: Enable the ASR rule
 * Audit: Evaluate how the ASR rule would impact your organization if enabled
 
-To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
+To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
 
-You can enable attack surface reduction rules by using any of the these methods:
+You can enable attack surface reduction rules by using any of these methods:
 
 - [Microsoft Intune](#intune) 
 - [Mobile Device Management (MDM)](#mdm)
@@ -51,7 +51,7 @@ You can exclude files and folders from being evaluated by most attack surface re
 >- Block process creations originating from PSExec and WMI commands
 >- Block JavaScript or VBScript from launching downloaded executable content
 
-You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to.
+You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. An exclusion is applied only when when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted.
 
 ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). 
 
@@ -131,7 +131,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
 >[!WARNING]
 >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
 
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
 
 2. Enter the following cmdlet:
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
index d761ebfc85..b0dce6c339 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@@ -11,18 +11,18 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/29/2019
+ms.date: 05/13/2019
 ---
 
 # Enable controlled folder access
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019.
 
-You can enable controlled folder access by using any of the these methods:
+You can enable controlled folder access by using any of these methods:
 
 - [Windows Security app](#windows-security-app)
 - [Microsoft Intune](#intune) 
@@ -59,9 +59,12 @@ For more information about disabling local list merging, see [Prevent or allow u
    ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) 
 1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. 
 1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. 
+
    ![Enable controlled folder access in Intune](images/enable-cfa-intune.png)
+
    >[!NOTE]
-   >Wilcard is supported for applications, but not for folders. Subfolders are not protected. 
+   >Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. 
+
 1. Click **OK** to save each open blade and click **Create**. 
 1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
 
@@ -76,7 +79,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
 1. Enter a name and a description, click **Controlled folder access**, and click **Next**.
 1. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.
    >[!NOTE]
-   >Wilcard is supported for applications, but not for folders. Subfolders are not protected.  
+   >Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted.
 1. Review the settings and click **Next** to create the policy.
 1. After the policy is created, click **Close**. 
 
@@ -93,14 +96,14 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
     - **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders.
     - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
 
-    ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png)
+      ![Screenshot of group policy option with Enabled and then Enable selected in the drop-down](images/cfa-gp-enable.png)
 
 >[!IMPORTANT]
 >To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu.
 
 ## PowerShell
 
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
 
 2. Enter the following cmdlet:
 
@@ -116,4 +119,4 @@ Use `Disabled` to turn the feature off.
 
 - [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
 - [Customize controlled folder access](customize-controlled-folders-exploit-guard.md) 
-- [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md)
+- [Evaluate Microsoft Defender ATP](evaluate-windows-defender-exploit-guard.md)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
index 58cb4ad00c..28ebf8d7e3 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
@@ -11,14 +11,14 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/22/2019
+ms.date: 05/09/2019
 ---
 
 # Enable exploit protection
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [Exploit protection](exploit-protection-exploit-guard.md) helps protect against malware that uses exploits to infect devices and spread. It consists of a number of mitigations that can be applied to either the operating system or individual apps.
 
@@ -26,7 +26,7 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include
 
 You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
 
-You can enable each mitigation separately by using any of the these methods:
+You can enable each mitigation separately by using any of these methods:
 
 - [Windows Security app](#windows-security-app)
 - [Microsoft Intune](#intune) 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
index 8df4d37da6..d2d9ebc1e0 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
@@ -11,18 +11,19 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/22/2019
+ms.date: 05/13/2019
 ---
 
 # Enable network protection
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. 
 You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.  
-You can enable network protection by using any of the these methods:
+
+You can enable network protection by using any of these methods:
 
 - [Microsoft Intune](#intune) 
 - [Mobile Device Management (MDM)](#mdm)
@@ -87,7 +88,7 @@ You can confirm network protection is enabled on a local computer by using Regis
 
 ## PowerShell
 
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
 
     ```
@@ -100,7 +101,7 @@ You can enable the feature in audit mode using the following cmdlet:
 Set-MpPreference -EnableNetworkProtection AuditMode
 ```
 
-Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
+Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off.
 
 
 ## Related topics
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index 8648bcd508..08fe9b44f4 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -17,7 +17,7 @@ ms.date: 04/01/2019
 
 **Applies to**  
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. 
 Some applications, including device drivers, may be incompatible with HVCI. 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
index 707aa20197..97b520be30 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@@ -18,7 +18,7 @@ ms.date: 04/02/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
index 958cc3e6d8..2add36dcdf 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 11/16/2018
 ---
 
@@ -18,7 +18,7 @@ ms.date: 11/16/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [Controlled folder access](controlled-folders-exploit-guard.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients.
 
@@ -63,5 +63,5 @@ See [Protect important folders with controlled folder access](controlled-folders
 
 ## Related topics
 - [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
-- [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md)
+- [Evaluate Microsoft Defender ATP](evaluate-windows-defender-exploit-guard.md)
 - [Use audit mode](audit-windows-defender-exploit-guard.md)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
index 6ae70924c7..64c227f6e5 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/02/2019
 ---
 
@@ -18,7 +18,7 @@ ms.date: 04/02/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [Exploit protection](exploit-protection-exploit-guard.md) helps protect devices from malware that uses exploits to spread and infect other devices. 
 It consists of a number of mitigations that can be applied to either the operating system or an individual app.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
index 74605b559a..1760cd9977 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
@@ -11,18 +11,18 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/02/2019
+ms.date: 05/10/2019
 ---
 
 # Evaluate network protection
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [Network protection](network-protection-exploit-guard.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
 
-This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visted a malicious site or domain.
+This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain.
 
 
 >[!TIP]
@@ -34,7 +34,7 @@ You can enable network protection in audit mode to see which IP addresses and do
 
 You might want to do this to make sure it doesn't affect line-of-business apps or to get an idea of how often blocks occur.
 
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
 
     ```PowerShell
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
index ee57054634..8015e81dde 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 05/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
index c15f7d5f95..13fcbf3167 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@@ -10,8 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 ms.date: 04/16/2018
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 03/26/2019
 ---
 
@@ -19,7 +19,7 @@ ms.date: 03/26/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can review attack surface reduction events in Event Viewer. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow.
 
@@ -27,7 +27,7 @@ Reviewing the events is also handy when you are evaluating the features, as you
 
 This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events.
 
-You can also get detailed reporting into events and blocks as part of Windows Security, which you access if you have an E5 subscription and use [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md). 
+You can also get detailed reporting into events and blocks as part of Windows Security, which you access if you have an E5 subscription and use [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md). 
 
 ## Use custom views to review attack surface reduction capabilities
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
index 72869c7925..f00aadcdbf 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/02/2019
 ---
 
@@ -18,7 +18,7 @@ ms.date: 04/02/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps. 
 
@@ -27,7 +27,7 @@ It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md
 >[!TIP]
 >You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
-Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+Exploit protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 You can [enable exploit protection](enable-exploit-protection.md) on an individual machine, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
 
@@ -79,11 +79,11 @@ Win32K | 260 | Untrusted Font
 ## Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard
 
 >[!IMPORTANT]
->If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. 
+>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP. 
 >  
 >You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
 
-This section compares exploit protection in Windows Defender ATP with the Enhance Mitigation Experience Toolkit (EMET) for reference. 
+This section compares exploit protection in Microsoft Defender ATP with the Enhance Mitigation Experience Toolkit (EMET) for reference. 
 The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.
 
 &nbsp; | Windows Defender Exploit Guard | EMET
@@ -102,7 +102,7 @@ Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes
 Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires use of EMET tool (EMET_CONF)
 System Center Configuration Manager |  [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
 Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
-Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
+Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
 Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
 
 <span id="fn1"></span>([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx).
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
index 1be2ff6cb2..3246dc8164 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
@@ -18,7 +18,7 @@ ms.date: 04/30/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md
index aed6d58094..40ac8a84cd 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
index 8ffcfaf3cd..74446e97d9 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -11,25 +11,25 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 02/14/2019
+ms.date: 04/30/2019
 ---
 
 # Protect your network
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. 
 
 It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
 
-Network protection is supported on Windows 10, version 1709 and later and Windows Server 2016, version 1803 or later.
+Network protection is supported beginning with Windows 10, version 1709.
 
 >[!TIP]
 >You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
-Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+Network protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 When network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
 
@@ -43,11 +43,11 @@ Windows 10 version | Windows Defender Antivirus
 - | -
 Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
 
-## Review network protection events in the Windows Defender ATP Security Center
+## Review network protection events in the Microsoft Defender ATP Security Center
 
-Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). 
+Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). 
 
-You can query Windows Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
+You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
 
 ## Review network protection events in Windows Event Viewer
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index 514a74a4ea..bd01a47dbb 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -17,7 +17,7 @@ ms.date: 10/20/2017
 
 **Applies to**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Computers must meet certain hardware, firmware, and software requirements in order to take adavantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
index 0eea5319db..0ffe534d26 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 03/27/2019
 ---
 
@@ -18,7 +18,7 @@ ms.date: 03/27/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 When you use [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as:
 
@@ -76,7 +76,7 @@ To add an exclusion, see [Customize Attack surface reduction](customize-attack-s
 
 ## Report a false positive or false negative
 
-Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md).
+Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md).
 
 ## Collect diagnostic data for file submissions
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md
index 7820eac52f..e8e2f3e46b 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 08/09/2018
 ---
 
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 When you create a set of exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
index aac22be513..b9c76c1343 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 03/27/2019
 ---
 
@@ -18,7 +18,7 @@ ms.date: 03/27/2019
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 - IT administrators
 
@@ -65,7 +65,7 @@ Set-MpPreference -EnableNetworkProtection Enabled
 
 ## Report a false positive or false negative
 
-If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md).
+If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md).
 
 ## Collect diagnostic data for file submissions
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index 32055b2546..b6733d5ed0 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 08/09/2018
 ---
 
@@ -18,7 +18,7 @@ ms.date: 08/09/2018
 
 **Applies to:**
 
-- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
 
@@ -43,9 +43,9 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th
 >[!TIP]
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
 
-Windows Defender EG can be managed and reported on in the Windows Security app as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies.
+Windows Defender EG can be managed and reported on in the Windows Security app as part of the Microsoft Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies.
 
-You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
+You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [sign up for a free trial of Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
 
 ## Requirements
 
@@ -55,7 +55,7 @@ This section covers requirements for each feature in Windows Defender EG.
 |--------|---------|
 | ![not supported](./images/ball_empty.png) | Not supported |
 | ![supported](./images/ball_50.png) | Supported |
-| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Windows Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.|
+| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Microsoft Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.|
 
 | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
 | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
diff --git a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
index 92d6f70f01..4ca95e5608 100644
--- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
+++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
@@ -1,9 +1,9 @@
-# [The Windows Defender Security Center app](windows-defender-security-center.md)
+# [The Microsoft Defender Security Center app](windows-defender-security-center.md)
 
 
-## [Customize the Windows Defender Security Center app for your organization](wdsc-customize-contact-information.md)
-## [Hide Windows Defender Security Center app notifications](wdsc-hide-notifications.md)
-## [Manage Windows Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md)
+## [Customize the Microsoft Defender Security Center app for your organization](wdsc-customize-contact-information.md)
+## [Hide Microsoft Defender Security Center app notifications](wdsc-hide-notifications.md)
+## [Manage Microsoft Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md)
 ## [Virus and threat protection](wdsc-virus-threat-protection.md)
 ## [Account protection](wdsc-account-protection.md)
 ## [Firewall and network protection](wdsc-firewall-network-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
index eb6433dadd..f0717a9b1f 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
index f8a95593d9..4b44cd3f09 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
index 30cc2c355d..f8ac757f91 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
index 83258123af..4abfa20ff5 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
index 5df35a849e..6b828b0347 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 10/02/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
index cc7706945e..84f4c82eae 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
index 1aea2d2d26..29be0d4d92 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
index b936dc1dcb..98abf1ab59 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
index f4ee73535b..db876c5abf 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
index f13658dab4..b17f381379 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 60a0d3278b..938c532c3d 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: andreabichsel
-ms.author: v-anbic
+author: justinha
+ms.author: justinha
 ms.date: 10/02/2018
 ---
 
@@ -37,7 +37,7 @@ In Windows 10, version 1803, the app has two new areas, **Account protection** a
 ![Screen shot of the Windows Security app showing that the device is protected and five icons for each of the features](images/security-center-home.png)
 
 >[!NOTE]
->The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
+>The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
 
 You can't uninstall the Windows Security app, but you can do one of the following:
 
diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
index 00899f714f..ccc35c4967 100644
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
@@ -50,12 +50,23 @@ Windows Defender SmartScreen helps to provide an early warning system against we
 ## Viewing Windows Defender SmartScreen anti-phishing events
 When Windows Defender SmartScreen warns or blocks an employee from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
 
+
+## Viewing Windows event logs for SmartScreen
+SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
+
+
+|EventID | Description |
+| :---:         |     :---:      |
+|1000 | Application SmartScreen Event|
+|1001 | Uri SmartScreen Event|
+|1002 | User Decision SmartScreen Event|
+
 ## Related topics
 - [SmartScreen Frequently Asked Questions (FAQ)](https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx)
 
-- [How to recognize phishing email messages, links, or phone calls](https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx)
-
 - [Threat protection](../index.md)
 
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
+- [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings)
+
+>[!NOTE] 
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index dd8a314962..11407c1a11 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -36,7 +36,6 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use
 >Microsoft Intune supports LTSC 2019 and later. 
 
 
-
 ## Security
 
 This version of Window 10 includes security improvements for threat protection, information protection, and identity protection.
@@ -59,30 +58,6 @@ Attack surface reduction includes host-based intrusion prevention systems such a
 
 Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in [Build 17627](https://docs.microsoft.com/windows/wsl/release-notes#build-17618-skip-ahead).
 
-###### Windows Defender Application Guard
-
-Windows Defender Application Guard hardens a favorite attacker entry-point by isolating malware and other threats away from your data, apps, and infrastructure. For more information, see [Windows Defender Application Guard overview](https://docs.microsoft.com/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview).
-
-Windows Defender Application Guard has support for Edge and has extensions for Chrome and Firefox. For more information, see [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard#software-requirements)
-
-Windows Defender Application Guard (WDAG) introduced a new user interface inside **Windows Security** in this release. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security Center. 
-
-Additionally, users who are managed by enterprise policies will be able to check their settings to see what their administrators have configured for their machines to better understand the behavior of Windows Defender Application Guard. This new UI improves the overall experience for users while managing and checking their Windows Defender Application Guard settings. As long as devices meet the minimum requirements, these settings will appear in Windows Security. For more information, see [Windows Defender Application Guard inside Windows Security App](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/test/m-p/214102#M1709).
-
-To try this:
-
-1. Go to **Windows Security** and select **App & browser control**.
-2. Under **Isolated browsing**, select **Install Windows Defender Application Guard**, then install and restart the device.
-3. Select **Change Application Guard** settings.
-4. Configure or check Application Guard settings.
-
-See the following example:
-
-![Security at a glance](../images/1_AppBrowser.png "app and browser control")
-![Isolated browser](../images/2_InstallWDAG.png "isolated browsing")
-![change WDAG settings](../images/3_ChangeSettings.png "change settings")
-![view WDAG settings](../images/4_ViewSettings.jpg "view settings")
-
 ##### Windows Defender Device Guard
 
 [Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) has always been a collection of technologies that can be combined to lock down a PC, including: