Merge pull request #2605 from MicrosoftDocs/master

Publish 4/22/2020 3:35 PM PST

.openpublishing.redirection.json

@@ -7832,11 +7832,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
-"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
 "redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit",
 "redirect_document_id": true
@@ -7887,16 +7882,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/deploy/integrate-configuration-manager-with-mdt-2013.md",
-"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/deploy/integrate-configuration-manager-with-mdt.md",
-"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/deploy/introduction-vamt.md",
 "redirect_url": "https://docs.microsoft.com/windows/deployment/volume-activation/introduction-vamt",
 "redirect_document_id": true
@@ -15778,7 +15763,7 @@
 },
 {
 "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
-"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
 "redirect_document_id": false
 },
 {
@@ -15792,21 +15777,11 @@
 "redirect_document_id": false
 },
 {
-"source_path": "windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md",
-"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt",
-"redirect_document_id": false
-},
-{
 "source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-configuration-manager.md",
 "redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
 "redirect_document_id": false
 },
 {
-"source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
-"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/integrate-configuration-manager-with-mdt",
-"redirect_document_id": false
-},
-{
 "source_path": "windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
 "redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
 "redirect_document_id": false
@@ -15875,6 +15850,10 @@
 "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager.md",
 "redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
 "redirect_document_id": false
+},
+{
+"source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt",    "redirect_document_id": false
 }
 ]
 }

devices/hololens/hololens2-autopilot.md

@@ -107,7 +107,7 @@ To register a HoloLens device in the Windows Autopilot program, you have to obta
 
 **Retrieve a device hardware hash**
 
-1. Start the HoloLens 2 device, and make sure that you sign in by using an account that is the device owner.
+1. Start the HoloLens 2 device.
 1. On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files.
 1. Use a USB-C cable to connect the device to a computer.
 1. On the computer, open File Explorer. Open **This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents**, and locate the AutopilotDiagnostics.zip file.  

windows/client-management/mdm/defender-csp.md

@@ -272,6 +272,8 @@ Supported operation is Get.
 <a href="" id="health-quickscanoverdue"></a>**Health/QuickScanOverdue**  
 Indicates whether a Windows Defender quick scan is overdue for the device.
 
+A Quick scan is overdue when a scheduled Quick scan did not complete successfully for 2 weeks and [catchup Quick scans](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupquickscan) are disabled (default)
+
 The data type is a boolean.
 
 Supported operation is Get.
@@ -279,6 +281,8 @@ Supported operation is Get.
 <a href="" id="health-fullscanoverdue"></a>**Health/FullScanOverdue**  
 Indicates whether a Windows Defender full scan is overdue for the device.
 
+A Full scan is overdue when a scheduled Full scan did not complete successfully for 2 weeks and [catchup Full scans](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupfullscan) are disabled (default)
+
 The data type is a boolean.
 
 Supported operation is Get.
@@ -422,4 +426,4 @@ Supported operations are Get and Execute.
 ## Related topics
 
 
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](configuration-service-provider-reference.md)

windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md

@@ -90,7 +90,6 @@ Next, see [Add a Windows 10 operating system image using Configuration Manager](
 
 ## Related topics
 
-[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)<br>
 [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
 [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
 [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>

windows/security/identity-protection/hello-for-business/hello-faq.md

@@ -45,7 +45,7 @@ The statement "PIN is stronger than Password" is not directed at the strength of
 The **Key Admins** and **Enterprise Key Admins** groups are created when you install the first Windows Server 2016 domain controller into a domain. Domain controllers running previous versions of Windows Server cannot translate the security identifier (SID) to a name.  To resolve this, transfer the PDC emulator domain role to a domain controller running Windows Server 2016.
 
 ## Can I use a convenience PIN with Azure AD?
-It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts. It is only supported for on-premises only Domain Joined users and local account users.
+It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts. It is only supported for on-premises Domain Joined users and local account users.
 
 ## Can I use an external camera when my laptop is closed or docked?
 No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed.  The product group is aware of this and is investigating this topic further.
@@ -64,11 +64,11 @@ The user experience for Windows Hello for Business occurs after user sign-in, af
 [Windows Hello for Business user enrollment experience](hello-videos.md#windows-hello-for-business-user-enrollment-experience)
 
 ## What happens when my user forgets their PIN?
-If the user can sign-in with a password, they can reset their PIN by clicking the "I forgot my PIN" link in settings.  Beginning with the Fall Creators Update, users can reset their PIN above the lock screen by clicking the "I forgot my PIN" link on the PIN credential provider.
+If the user can sign-in with a password, they can reset their PIN by clicking the "I forgot my PIN" link in settings.  Beginning with Windows 10 1709, users can reset their PIN above the lock screen by clicking the "I forgot my PIN" link on the PIN credential provider.
 
 [Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience)
 
-For on-premises deployments, devices must be well connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs.  Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network.
+For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs.  Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network.
 
 ## What URLs do I need to allow for a hybrid deployment?
 Communicating with Azure Active Directory uses the following URLs:
@@ -88,11 +88,12 @@ Windows Hello for Business has two types of PIN reset: non-destructive and destr
 Organizations that have the on-premises deployment of Windows Hello for Business, or those not using Windows 10 Enterprise can use destructive PIN reset.  with destructive PIN reset, users that have forgotten their PIN can authenticate using their password, perform a second factor of authentication to re-provision their Windows Hello for Business credential. Re-provisioning deletes the old credential and requests a new credential and certificate.  On-premises deployments need network connectivity to their domain controllers, Active Directory Federation Services, and their issuing certificate authority to perform a destructive PIN reset. Also, for hybrid deployments, destructive PIN reset is only supported with the certificate trust model and the latest updates to Active Directory Federation Services.
 
 ## Which is better or more secure: Key trust or Certificate trust?
-The trust models of your deployment determine how you authenticate to Active Directory (on-premises). Both key trust and certificate trust use the same hardware backed, two-factor credential. The difference between the two trust types are:
+The trust models of your deployment determine how you authenticate to Active Directory (on-premises). Both key trust and certificate trust use the same hardware-backed, two-factor credential. The difference between the two trust types are:
 - Required domain controllers 
 - Issuing end entity certificates
 
 The **key trust** model authenticates to Active Directory using a raw key.  Windows Server 2016 domain controllers enables this authentication.  Key trust authenticate does not require an enterprise issued certificate, therefore you do not need to issue certificates to your end users (domain controller certificates are still needed).
+
 The **certificate trust** model authenticates to Active Directory using a certificate.  Because this authentication uses a certificate, domain controllers running previous versions of Windows Server can authenticate the user. Therefore, you need to issue certificates to your end users, but you do not need Windows Server 2016 domain controllers.  The certificate used in certificate trust uses the TPM protected private key to request a certificate from your enterprise's issuing certificate authority. 
 
 ## Do I need Windows Server 2016 domain controllers?
@@ -102,7 +103,7 @@ There are many deployment options from which to choose. Some of those options re
 Review [Azure AD Connect sync: Attributes synchronized to Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized) for a list of attributes that are sync based on scenarios.  The base scenarios that include Windows Hello for Business are [Windows 10](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#windows-10) scenario and the [Device writeback](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#device-writeback) scenario. Your environment may include additional attributes.
 
 ## Is Windows Hello for Business multifactor authentication?
-Windows Hello for Business is two-factor authentication based the observed authentication factors of: something you have, something you know, and something part of you.  Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
+Windows Hello for Business is two-factor authentication based on the observed authentication factors of: something you have, something you know, and something part of you.  Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
 
 ## What are the biometric requirements for Windows Hello for Business?
 Read [Windows Hello biometric requirements](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-biometric-requirements) for more information.

windows/security/threat-protection/TOC.md

@@ -413,7 +413,7 @@
 ### [Configure portal settings]()
 #### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
 #### [General]()
-##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
+##### [Verify data storage location and  update data retention settings](microsoft-defender-atp/data-retention-settings.md)
 ##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
 ##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
 ##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
@@ -702,7 +702,7 @@
 
 ### [Microsoft Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
 #### [Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
-#### [Set up and use Microsft Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
+#### [Set up and use Microsoft Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
 
 ### [Windows Sandbox](windows-sandbox/windows-sandbox-overview.md)
 #### [Windows Sandbox architecture](windows-sandbox/windows-sandbox-architecture.md)

windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md

@@ -1,6 +1,6 @@
 ---
-title: Update how long data is stored by MDATP
-description: Update data retention settings for Microsoft Defender Advanced Threat Protection (MDATP) by selecting between 30 days to 180 days.
+title: Verify data storage location and update data retention settings 
+description: Verify data storage location and update data retention settings for Microsoft Defender Advanced Threat Protection
 keywords: data, storage, settings, retention, update
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -15,9 +15,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 04/24/2018
 ---
-# Update data retention settings for Microsoft Defender ATP 
+# Verify data storage location and update data retention settings for Microsoft Defender ATP 
 
 **Applies to:**
 
@@ -25,10 +24,18 @@ ms.date: 04/24/2018
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
-
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
 
-During the onboarding process, a wizard takes you through the general settings of Microsoft Defender ATP. After onboarding, you might want to update the data retention settings.
+During the onboarding process, a wizard takes you through the data storage and retention settings of Microsoft Defender ATP. 
+
+After completing the onboarding, you can verify your selection in the data retention settings page.
+
+## Verify data storage location
+During the [Set up phase](production-deployment.md), you would have selected the location to store your data. 
+
+You can verify the data location by navigating to **Settings** > **Data retention**.
+
+## Update data retention settings
 
 1. In the navigation pane, select **Settings** > **Data retention**.
 

windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md

@@ -50,7 +50,8 @@ Only the main version is listed in the following table as reference information:
 
 Month	| Platform/Client	| Engine
 ---|---|---
-Mar-2020 | 4.18.2003.x| 1.1.16900.x
+Apr-2020 | 4.18.2004.x | 1.1.17000.x
+Mar-2020 | 4.18.2003.x | 1.1.16900.x
 Feb-2020	|	- | 1.1.16800.x
 Jan-2020 |	4.18.2001.x	| 1.1.16700.x
 Dec-2019 | - | - |

windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md

@@ -1,6 +1,6 @@
 ---
-title: Shadow protection in next-generation protection
-description: Learn about shadow protection in next-generation protection
+title: Shadow protection
+description: Learn about shadow protection
 keywords: Windows Defender Antivirus, shadow protection, passive mode
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -16,7 +16,7 @@ ms.custom: next-gen
 ms.collection: 
 ---
 
-# Shadow protection in next-generation protection
+# Shadow protection
 
 **Applies to:**
 
@@ -67,7 +67,7 @@ The following images shows an instance of unwanted software that was detected an
 |Windows Defender Antivirus engine |To make sure your engine is up to date, using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator. In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. |
 
 > [!IMPORTANT]
-> To get the best protection value, make sure Windows Defender Antivirus is configured to receive regular updates and other essential features, such as behavioral monitoring, IOfficeAV, tamper protection, and more. See [Protect security settings with tamper protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) 
+> To get the best protection value, make sure Windows Defender Antivirus is configured to receive regular updates and other essential features, such as behavioral monitoring, IOfficeAV, tamper protection, and more. See [Protect security settings with tamper protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection).
 
 
 ## Frequently asked questions 
@@ -78,7 +78,7 @@ No. Shadow protection does not affect third-party antivirus protection running o
 
 ### Why do I need to keep Windows Defender Antivirus up to date? 
 
-The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack works in integration, and to get best protection value, you should keep Windows Defender Antivirus up to date.  
+Because Windows Defender Antivirus detects and remediates malicious items, it’s important to keep it up to date to leverage the latest machine learning models, behavioral detections, and heuristics for best results. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities work in an integrated manner, and to get best protection value, you should keep Windows Defender Antivirus up to date.  
 
 ### Why do we need cloud protection on?